Run for the hills!
root@host:~# env X='() { (a)=\' sh -c echo vulnerable; bash -c 'test'
env X='() { (a)=\' sh -c echo vulnerable; bash -c 'test'
sh: X: line 1: syntax error near unexpected token `='
sh: X: line 1: `'
sh: error importing function definition for `X'
vulnerable
source:
and here we go again...
--
Oda
--
If you don't have time to do it right, where
are you going to find the time to do it over?
--
On Fri, Sep 26, 2014 at 1:21 PM, J. Tozo junior...@gmail.com
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
I don't know why this isn't disabled by default, and whoever wants to do
this kind of thing in the shell can use some shopt or other to enable it.
:|
On Fri, Sep 26, 2014 at 1:31 PM, Oda o...@member.fsf.org wrote:
and here we go again...
--
Interesting that yesterday's patch explicitly said it would fix this.
[...]
patches/packages/bash-4.2.048-i486-2_slack14.1.txz: Rebuilt.
Patched an additional trailing string processing vulnerability discovered
by Tavis Ormandy.
For more information, see:
phew!
root@host:/root# env x='() { :;}; echo vulnerable' bash -c echo this is a test
env x='() { :;}; echo vulnerable' bash -c echo this is a test
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
-- Forwarded message
you installed today's one, right?
On Sep 25, 2014 8:40 PM, J. Tozo junior...@gmail.com wrote:
phew!
root@host:/root# env x='() { :;}; echo vulnerable' bash -c echo this is a test
env x='() { :;}; echo vulnerable' bash -c echo this is a test
bash: warning: x: ignoring function definition attempt
Right, the (SSA:2014-268-01) one
On Thu, Sep 25, 2014 at 8:53 PM, Oda o...@member.fsf.org wrote:
you installed today's one, right?
On Sep 25, 2014 8:40 PM, J. Tozo junior...@gmail.com wrote:
phew!
root@host:/root# env x='() { :;}; echo vulnerable' bash -c echo this is a test
env x='() { :;}; echo