Bugtraq mailing list archives
Re: bash 1.x - command substitution bug
From: lcamtuf () IDS PL (Michal Zalewski)
Date: Thu, 15 Jul 1999 02:16:31 +0200
http://www.cert.org/ftp/cert_advisories/CA-96.22.bash_vuls
Just to make it clear - vulnerability described in my post seems to be almost similar to one described in CERT advisory. But in fact bug addressed there (bash -c 'command1(0xff)command2') has been fixed years ago in bash 1.14.7 release, while one described by me (0xff in command substitution) - hasn't been fixed (till silent fix in 2.0.x releases). _______________________________________________________________________ Michal Zalewski [lcamtuf () ids pl] [link / marchew] [dione.ids.pl SYSADM] [Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};: [voice phone: +48 22 813 25 86] <=-=> [cellular phone: +48 501 4000 69] Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
Current thread:
- Re: bash 1.x - command substitution bug Michal Zalewski (Jul 14)
- <Possible follow-ups>
- bash 1.x - command substitution bug Michal Zalewski (Dec 12)