oss-sec mailing list archives
Re: Healing the bash fork
From: "Mark R Bannister" <mark () proseconsulting co uk>
Date: Tue, 30 Sep 2014 13:50:40 +0100
> I discuss the setuid/setgid vulnerability at the following site,
> including demonstrating how Florian's prefix/suffix patch provides no protection:
> http://technicalprose.blogspot.co.uk/2014/09/shellshock-bug-third-vulnerability.html

Please can we have a separate CVE for the setuid/setgid bash exploit? I think this attack vector deserves to be tracked properly, and we need to be clear on when and if someone chooses to provide a fix for it.

Thanks,
Mark.