Full Disclosure mailing list archives
bash vulnerability?
From: Shari Vegas <sharivegas () gmail com>
Date: Sat, 13 Aug 2005 00:54:22 -0700
This vulnerability for right now should be classified as a zero-day local
shell exploit for bash. May want to let your other customers using
Linux/*BSD about this. Still looking for a fix to it at the moment, I
have my team on it. From here, it looks like doing a "ulimit -u 15"
should supress it, but I'm not quite sure for exactly how long, or the
effectiveness.
The string looks like this:
:-(){ :|:& };:
Nasty little shit.
--
Mail I sent my admin earlier after I heard about it. Anyone have just any idea what this is? And how to fix it?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- bash vulnerability? Shari Vegas (Aug 13)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
- RE: bash vulnerability? Sean Crawford (Aug 13)
- Re: bash vulnerability? Matija Vidmar (Aug 13)
- Re: bash vulnerability? Andre' Breiler (Aug 13)
- Re: bash vulnerability? fd (Aug 14)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
- Re: bash vulnerability? Wernfried Haas (Aug 13)
- Re: bash vulnerability? Milan 't4c' Berger (Aug 13)
- <Possible follow-ups>
- Re: bash vulnerability? starwars (Aug 14)
- RE: bash vulnerability? Jay (Aug 15)
- Re: bash vulnerability? Rik Bobbaers (Aug 16)