Bugtraq mailing list archives
Re: Buffer overflow in BASH
From: hjp () WSR AC AT (Peter J. Holzer)
Date: Tue, 27 Apr 1999 16:38:15 +0200
--RwGu8mu1E+uYXPWP Content-Type: text/plain; charset=us-ascii On 1999-04-19 14:59:06 -0400, Adam D. McKenna wrote:
I really don't see the point of people posting bash bugs here. Especially not bugs in old versions. There are a lot of bash bugs, you can't gain any extra priveleges by exploiting them though.
You can, if you can trigger the bug in a script which is not running with your privileges - suid and cgi scripts are obvious examples. So, posting bash bug reports at least reminds people that using bash - especially old versions - for such scripts is not a good idea. hp -- _ | Peter J. Holzer | Where do you want your keys |_|_) | Sysadmin WSR / Obmann LUGA | to go today? | | | hjp () wsr ac at | -- Tom Perrine <tep () SDSC EDU> __/ | http://wsrx.wsr.ac.at/~hjp/ | on bugtraq 1999-04-20 --RwGu8mu1E+uYXPWP Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQDQAwUBNyXL11LjemazOuKpAQGuOgXSAspM+uQI82xOlqzGWMZYID1a+lQQP0vz qRtr6UCaljhuZHwkmmf2Vh2gawvQUT97YA22boLtmPD4GutaXqxDatloOz5tIEg3 xfdyAhip0BaTkk3BC4/BoKTFBrZzAF6Qqoj664IKmK7ct3BADe0U1m7i9Ab6rVzN Nz1TqM3PqihfYwbs1LtDbdp7Z+eLAhAZd2Pr4BuHWv9rz4JLS5rtfeNjENDngjWI 1LFD1FftiiTF/+yCPQsQSnmRFw== =U3VK -----END PGP SIGNATURE----- --RwGu8mu1E+uYXPWP--
Current thread:
- Re: Buffer overflow in BASH Adam D. McKenna (Apr 19)
- Re: Buffer overflow in BASH Peter J. Holzer (Apr 27)