oss-sec mailing list archives
Re: CVE-2014-6271: remote code execution through bash
From: Pierre Schweitzer <pierre () reactos org>
Date: Wed, 24 Sep 2014 21:39:37 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Naive question regarding statement below. Does that mean that exec*() system calls are concerned as well (like for instance called from a fork())? Regards, On 24/09/2014 18:23, Michal Zalewski wrote:
Note that on Linux systems where /bin/sh is symlinked to /bin/bash, any popen() / system() calls from within languages such as PHP would be of concern due to the ability to control HTTP_* in the env. /mz
- -- Pierre Schweitzer <pierre at reactos.org> System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUIx35AAoJEHVFVWw9WFsLU7QP/3E77YP5Arh3UMrTYYd0ylfa r/L0k4t9/OSs9fg1GWsr6GP+Jma82y61uavFnE9LglAEY2A5hEkFdCWuPm6r2d58 iOJVaCUdZH8x0NyM6nMmvnG0GKMyQgn9LyzKMeHTUmChIIscYaL22RGq2wI/Bm2N xk04VpxXM/kgdRhGUlKqmahEEskLeiSZlbfhKCT+4WXptFdOIdcAlIg3UW13QPk5 EO0neFqbsLZLWYz/a4CAVoANt8UFUhSrceH/2sk0ObEWoGMcZIiZ0vsWfogO8y6s J0BnZZDq81seUU4QoRw1/BwMh6zh6SmlH3cw2wPyoq2qC4mBBdYCrxBlamd9cFyY A20MUZ5xXudZhZNlWv7Y7kKemoH0qQDT9xja7vvWvl95h1bNhTLoJKr/gfUQY56e BBo7nNXKXtpXEtoVbfd3hTt7reXLjqlqpmLdmClgGM9JotKS7JCiOpytibqW7pOn UKL00tUlBkcp2dYREegy0X+Rli8OOAJXTm0g+yvOiglMM1hXG067hkLDwZnQraOF 0/WZWOFfMSCHbciZYbIgP4ptQTHomWS5vy0ukZ+rGy3th/fXlAwb1Kv7PcmByD6+ WXBSngDlR85v+DYJjaWqtQIudMudfm0Z/s08jBJtUI83LjPWQeHtv0STXx5JVtS8 HP5Bbv53yyPzBuWSSRYf =Oavc -----END PGP SIGNATURE-----
Current thread:
- Re: CVE-2014-6271: remote code execution through bash, (continued)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash mancha (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Alan J. Wylie (Sep 26)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)