oss-sec mailing list archives
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME
From: Chet Ramey <chet.ramey () case edu>
Date: Fri, 16 Sep 2016 15:56:01 -0400
I believe the fix in parse.y is this (Chet, please correct me if I'm wrong):Yes, that is the current fix for this. There are other ways to do it.
Here's a patch to bash-4.3 that will fix this. Chet
Attachment:
prompt-string-comsub.patch
Description:
``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet () case edu http://cnswww.cns.cwru.edu/~chet/
Current thread:
- CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 18)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Seth Arnold (Sep 19)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 20)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Leo Famulari (Sep 27)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 29)