[3265] in bugtraq
Re: BUG in /bin/bash
daemon@ATHENA.MIT.EDU (Earle Ake)
Fri Aug 23 13:04:37 1996
Date: Thu, 22 Aug 1996 21:26:14 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Earle Ake <earle.ake@hcst.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <CMM-RU.1.5.840742518.paradox@pegasus.rutgers.edu> from "Red
Barchetta" at Aug 22, 96 03:35:18 pm
According to Red Barchetta:
>
> Their test string "bash -c 'ls\377who'" gave this output on my Solaris 2.5
> system:
>
> bash: ls377who: command not found
>
> Can anyone verify that this is really a problem?
Yes, it is! Here is a simple perl script to create the test file
and the file itself in uuencode format.
#!/usr/bin/perl
open(OUT, ">bash.test");
printf OUT ("#!/bin/sh\nbash -c 'ls\377who'\n");
close(OUT);
begin 600 bash.test
;(R$O8FEN+W-H"F)A<V@@+6,@)VQS_W=H;R<*
`
end
-Earle
--
Earle Ake System Analyst Earle.Ake@HCST.com
Hassler Communication Systems Technology, Inc. <URL:http://www.hcst.com/>
2332 Grange Hall Road; Beavercreek, Ohio 45431-2345
Phone: +1 513-427-9000 FAX: +1 513-427-8706
