Bugtraq mailing list archives
Re: BUG in /bin/bash
From: earle.ake () hcst com (Earle Ake)
Date: Thu, 22 Aug 1996 21:26:14 -0400
According to Red Barchetta:
Their test string "bash -c 'ls\377who'" gave this output on my Solaris 2.5 system: bash: ls377who: command not found Can anyone verify that this is really a problem?
Yes, it is! Here is a simple perl script to create the test file and the file itself in uuencode format. #!/usr/bin/perl open(OUT, ">bash.test"); printf OUT ("#!/bin/sh\nbash -c 'ls\377who'\n"); close(OUT); begin 600 bash.test ;(R$O8FEN+W-H"F)A<V@@+6,@)VQS_W=H;R<* ` end -Earle -- Earle Ake System Analyst Earle.Ake () HCST com Hassler Communication Systems Technology, Inc. <URL:http://www.hcst.com/> 2332 Grange Hall Road; Beavercreek, Ohio 45431-2345 Phone: +1 513-427-9000 FAX: +1 513-427-8706
Current thread:
- BUG in /bin/bash Seven Up (Aug 22)
- <Possible follow-ups>
- Re: BUG in /bin/bash Red Barchetta (Aug 22)
- Re: BUG in /bin/bash The Ghost who Admins (Aug 22)
- Re: BUG in /bin/bash Digital Dreamer (Aug 22)
- Re: BUG in /bin/bash Earle Ake (Aug 22)
- IE 3.0? InterAccess Support Manager (Aug 22)
- Re: IE 3.0? Dave Andersen (Aug 23)
- More on the UnixWare problem Todd Vierling (Aug 23)
- resolv+ and finger... C. Hodges (Aug 23)
- Vulnerability in the Xt library Aleph One (Aug 24)
- Re: Vulnerability in the Xt library Stefan `Sec` Zehl (Aug 25)
- Re: Vulnerability in the Xt library Mike Neuman (Aug 27)
- Re: Vulnerability in the Xt library Casper Dik (Aug 28)
- Re: Vulnerability in the Xt library Mike Neuman (Aug 28)
- RFD: libsuid VaX#n8 (Aug 24)