oss-sec mailing list archives

Re: CVE-2014-6271: remote code execution through bash

From: Chet Ramey <chet.ramey () case edu>
Date: Wed, 24 Sep 2014 16:11:19 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/24/14, 3:39 PM, Pierre Schweitzer wrote:


Hi,

Naive question regarding statement below. Does that mean that exec*()
system calls are concerned as well (like for instance called from a fork())?


No; they do not invoke a shell.

- -- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet () case edu    http://cnswww.cns.cwru.edu/~chet/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)

iEYEARECAAYFAlQjJWcACgkQu1hp8GTqdKthrQCdF7b800vGLs/mfMZakRtDp/c1
vwEAmwQjo0qfqQTNE0CHKu+kXkQ+BTXx
=zEjf
-----END PGP SIGNATURE-----

Current thread:

Re: CVE-2014-6271: remote code execution through bash, (continued)
- - - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Alan J. Wylie (Sep 26)
  - Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Pierre Schweitzer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash gremlin (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
  - Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
  - Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)

(Thread continues...)