Even our oldest supported (as extended security maintenance) release
Ubuntu 12.04 had bash 4.2 (https://launchpad.net/ubuntu/+source/bash) -
so whether this affects bash 3.2.57 is not relevant to Ubuntu anymore.
--
You received this bug notification because you are a member of Ubuntu
Touch
This bug was not fixed Upto bash v4.3 , this bug also arises in v3.2.57.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the
This bug was fixed in the package bash - 4.3-14ubuntu1.2
---
bash (4.3-14ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
- debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
- CVE-2016-0634
*
This bug was fixed in the package bash - 4.3-7ubuntu1.7
---
bash (4.3-7ubuntu1.7) trusty-security; urgency=medium
* SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
- debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
- CVE-2016-0634
*
This bug was fixed in the package bash - 4.3-15ubuntu1.1
---
bash (4.3-15ubuntu1.1) yakkety-security; urgency=medium
* SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
- debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
- CVE-2016-0634
This issue was assigned CVE-2016-0634. See the oss-security notice here:
http://openwall.com/lists/oss-security/2016/09/16/8
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0634
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the
I'm not sure what the attack vector here is. /etc/hostname is only
writeable by root.
Is there any way for an attacker to control /etc/hostname?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
@Marc
Yes , if some application has a bug , for example MintNanny :
https://bugs.launchpad.net/linuxmint/+bug/1460835
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025
script
** Attachment added: "changehostname.sh"
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4510099/+files/changehostname.sh
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
#! /bin/sh
# run this as root early in the boot order. No other script like hostname.sh
should run later
HOSTNAME="$(hostname|sed 's/[^A-Za-z0-9_\-\.]/x/g')";hostname "$HOSTNAME"
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed
Workaround ...
to make my modified "hostname.sh" script run at startup, i changed the file
/etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order
Thats better ... (the "-" was wrong in my previous posting )
HOSTNAME="${HOSTNAME//[^A-Za-z0-9_\-]/x}"
i attached a modified hostname.sh wich uses bash.
it can be startet manualy with
sudo /etc/init.d/hostname.sh start
The command should somehow run at startup ... but does not by default ?
Patch :
HOSTNAME=${HOSTNAME//[^A-Za-z0-9-_]/_}
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the hostname
Status in bash
I agree,
i think the hostname should be in the hands of the kernel only.
Should not be overwritten by /etc/hostname.sh.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025
typo ... the path is
/etc/init.d/hostname.sh
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the hostname
Status in bash package
german demo video
https://www.youtube.com/watch?v=qYuVzHsklS8
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025
Title:
Shell Command Injection with the hostname
Status
I can't imagine the effort involved in hardening all applications to
treat the hostname as untrusted input.
ISPs that sell vservers are really no different from Intel or AMD or
whoever makes your CPU -- you trust them completely and totally with
your data, your executables, and your entire
** Attachment removed: "Dependencies.txt"
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4497264/+files/Dependencies.txt
** Attachment removed: "JournalErrors.txt"
19 matches
Mail list logo
