[12439] in bugtraq
Re: bash 1.x - command substitution bug
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Thu Nov 4 13:03:51 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <lcamtuf.4.05.9907150213350.336-100000@nimue.ids.pl>
Date: Thu, 15 Jul 1999 02:16:31 +0200
Reply-To: Michal Zalewski <lcamtuf@IDS.PL>
From: Michal Zalewski <lcamtuf@IDS.PL>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199911031417480860.616B5601@quaggy.ursine.com>
> http://www.cert.org/ftp/cert_advisories/CA-96.22.bash_vuls
Just to make it clear - vulnerability described in my post seems to be
almost similar to one described in CERT advisory. But in fact bug
addressed there (bash -c 'command1(0xff)command2') has been fixed years
ago in bash 1.14.7 release, while one described by me (0xff in command
substitution) - hasn't been fixed (till silent fix in 2.0.x releases).
_______________________________________________________________________
Michal Zalewski [lcamtuf@ids.pl] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 22 813 25 86] <=-=> [cellular phone: +48 501 4000 69]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
