oss-sec mailing list archives
Fwd: CVE-2014-6271: remote code execution through bash
From: Gennady Kupava <gennady.kupava () gmail com>
Date: Fri, 26 Sep 2014 18:06:45 +0100
The way bash exports functions is really scary:

1. You can both set a variable and export a function with the same name.

$ f () { a; }
$ export -f f
$ export f=3
$ echo $f
3
$ ksh
$ cat /proc/$$/environ|xargs -0 -n1|grep -w f
f=3
f=() { a
$ echo $f
3

SUS says storing two environment variables with the same name is undefined behaviour:
http://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html

2. Bash partially hides the environment variable holding the function:

$ f () { a; }
$ export -f f
$ echo $f
[ nothing ]

Both things above look like good grounds for hackers.

Gennady
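An added example, not part of the original message: a small audit of a NUL-separated environment block (the format of /proc/<pid>/environ) that reports names stored more than once and values starting with the "() {" prefix seen in the session above. The function names and the sample block are constructed for illustration.

```python
"""Audit a NUL-separated environment block, as read from /proc/<pid>/environ."""
from collections import defaultdict

# Value prefix of an exported function, as shown in the session output above.
FUNC_PREFIX = b"() {"


def parse_environ(block: bytes):
    """Split a raw environ block into (name, value) pairs, keeping duplicates."""
    pairs = []
    for entry in block.split(b"\0"):
        if not entry:
            continue  # trailing NUL or empty slot
        name, sep, value = entry.partition(b"=")
        # An entry without '=' has no value; record it as None.
        pairs.append((name, value if sep else None))
    return pairs


def audit_environ(block: bytes):
    """Return (duplicate_names, function_like_names), each sorted."""
    by_name = defaultdict(list)
    for name, value in parse_environ(block):
        by_name[name].append(value)
    duplicates = sorted(
        n.decode(errors="replace") for n, vals in by_name.items() if len(vals) > 1
    )
    functions = sorted(
        n.decode(errors="replace")
        for n, vals in by_name.items()
        if any(v is not None and v.startswith(FUNC_PREFIX) for v in vals)
    )
    return duplicates, functions


# Constructed sample modelled on the session above: "f" is present both as a
# plain variable and as an exported function whose value spans two lines.
SAMPLE = b"HOME=/home/user\0f=3\0f=() {  a\n}\0PATH=/usr/bin:/bin\0"

if __name__ == "__main__":
    dups, funcs = audit_environ(SAMPLE)
    print("duplicate names:", dups)
    print("function-like values:", funcs)
```

To check a live process, pass the bytes read from its /proc/<pid>/environ file to audit_environ().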