Bugtraq mailing list archives

Re: BUG in /bin/bash

From: bmc () telebase com (Brian Clapper)
Date: Fri, 23 Aug 1996 09:46:44 -0400

"Red" == Red Barchetta <paradox () pegasus rutgers edu> writes:

Their test string "bash -c 'ls\377who'" gave this output on my Solaris
2.5 system:

        bash: ls377who: command not found

Can anyone verify that this is really a problem?

Ernie Pistor


It's a problem on my BSD/OS 2.1 system running bash version 1.14.5(1).
Thankfully, on the BSD variants (at least the ones we use), bash != sh.
----
Brian Clapper .............................................. bmc () telebase com
http://www.netaxs.com/~bmc/ ............. PGP public key available on request
Daring ideas are like chessmen moved forward,
they may be beaten, but they may start a winning game.
        -- J. W. von Goethe

Current thread:

Vulnerability in the Xt library, (continued)
- - - Vulnerability in the Xt library Aleph One (Aug 24)
    - Re: Vulnerability in the Xt library Stefan `Sec` Zehl (Aug 25)
    - Re: Vulnerability in the Xt library Mike Neuman (Aug 27)
    - Re: Vulnerability in the Xt library Casper Dik (Aug 28)
    - Re: Vulnerability in the Xt library Mike Neuman (Aug 28)
    - RFD: libsuid VaX#n8 (Aug 24)
    - More on UnixWare 2.x vulnerability Todd Vierling (Aug 24)
    - Re: (WORKAROUND) More on UnixWare 2.x vulnerability Hannu Laurila (Aug 24)
    - polyglots (multi-language programs) John Nemeth (Aug 24)
  - Re: BUG in /bin/bash Arthur Hyun (Aug 22)
  - Re: BUG in /bin/bash Brian Clapper (Aug 23)