Full Disclosure mailing list archives
bash vulnerability?
From: Shari Vegas <sharivegas () gmail com>
Date: Sat, 13 Aug 2005 00:54:22 -0700
This vulnerability for right now should be classified as a zero-day local shell exploit for bash. May want to let your other customers using Linux/*BSD about this. Still looking for a fix to it at the moment, I have my team on it. From here, it looks like doing a "ulimit -u 15" should supress it, but I'm not quite sure for exactly how long, or the effectiveness. The string looks like this: :-(){ :|:& };: Nasty little shit. -- Mail I sent my admin earlier after I heard about it. Anyone have just any idea what this is? And how to fix it? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- bash vulnerability? Shari Vegas (Aug 13)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
- RE: bash vulnerability? Sean Crawford (Aug 13)
- Re: bash vulnerability? Matija Vidmar (Aug 13)
- Re: bash vulnerability? Andre' Breiler (Aug 13)
- Re: bash vulnerability? fd (Aug 14)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
- Re: bash vulnerability? Milan 't4c' Berger (Aug 13)
- <Possible follow-ups>
- Re: bash vulnerability? starwars (Aug 14)
- RE: bash vulnerability? Jay (Aug 15)
- Re: bash vulnerability? Rik Bobbaers (Aug 16)