Bash specially-crafted environment variables code injection attack

Jan Dušátko jan at dusatko.org
Thu Sep 25 18:36:20 CEST 2014


> I would be interested to know whether this affects only Linux and only if you have bash
>
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

# bash
[ ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
[ ~]# exit

# # pkg delete bash-static-4.3.8 bash-completion-2.1_3,1
pkg: Error while trying to delete packages, dependencies that are still
required:
shells/bash: shells/bash-completion
shells/bash-completion: sysutils/nut

That doesn't look very good ....





More information about the Users-l mailing list