Re: bash 1.x - command substitution bug

[lcamtuf () IDS PL (Michal Zalewski)]

> http://www.cert.org/ftp/cert_advisories/CA-96.22.bash_vuls

Just to make it clear - vulnerability described in my post seems to be
almost similar to one described in CERT advisory. But in fact bug
addressed there (bash -c 'command1(0xff)command2') has been fixed years
ago in bash 1.14.7 release, while one described by me (0xff in command
substitution) - hasn't been fixed (till silent fix in 2.0.x releases).

_______________________________________________________________________
Michal Zalewski [lcamtuf () ids pl] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 22 813 25 86] <=-=> [cellular phone: +48 501 4000 69]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]