Bash Bug

shadowOPERATOR.ORG

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Daniel Reed: "Re: AOL Instant Messenger URL Crash"
• Previous message: Weld Pond: "L0pht Security Advisory: Cold Fusion App Server"
• Next in thread: Henrik Nordstrom: "Re: Bash Bug"

Figured while everyone was working with bash, I might as well make this
one public(I apologize if this is old news, apparently it hasnt been fixed
if so).

If a user creates a directory with a command like

mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "

and someone cd's into said directory, either by accident, or whatever,
then it will cause it to actually execute. I also did this with a passwd
file, echo a user such as r00t::0:0:\57root\57bin\57bash instead of + + to
the rhosts. Played with symlinks and a few other ways to see if perhaps
maybe the system could trip it if a user made the directory in say /tmp.
Granted it may be a long shot on the users part, the ability to do so is a
bad thing IMHO. This didnt seem to work on any of my BSD boxes.

shadow - CLE

-------------------------------------------------------------------------
Most Failure is due to giving up, not realizing how close to success you
were - Thomas Edison
-------------------------------------------------------------------------

• Next message: Daniel Reed: "Re: AOL Instant Messenger URL Crash"
• Previous message: Weld Pond: "L0pht Security Advisory: Cold Fusion App Server"
• Next in thread: Henrik Nordstrom: "Re: Bash Bug"