Bugtraq mailing list archives

Re: Buffer overflow in BASH

From: hjp () WSR AC AT (Peter J. Holzer)
Date: Tue, 27 Apr 1999 16:38:15 +0200


--RwGu8mu1E+uYXPWP
Content-Type: text/plain; charset=us-ascii

On 1999-04-19 14:59:06 -0400, Adam D. McKenna wrote:

I really don't see the point of people posting bash bugs here.
Especially not bugs in old versions. There are a lot of bash bugs, you
can't gain any extra priveleges by exploiting them though.


You can, if you can trigger the bug in a script which is not running
with your privileges - suid and cgi scripts are obvious examples.

So, posting bash bug reports at least reminds people that using
bash - especially old versions - for such scripts is not a good idea.

        hp

--
   _  | Peter J. Holzer             | Where do you want your keys
|_|_) | Sysadmin WSR / Obmann LUGA  | to go today?
| |   | hjp () wsr ac at               |     -- Tom Perrine <tep () SDSC EDU>
__/   | http://wsrx.wsr.ac.at/~hjp/ |        on bugtraq 1999-04-20

--RwGu8mu1E+uYXPWP
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQDQAwUBNyXL11LjemazOuKpAQGuOgXSAspM+uQI82xOlqzGWMZYID1a+lQQP0vz
qRtr6UCaljhuZHwkmmf2Vh2gawvQUT97YA22boLtmPD4GutaXqxDatloOz5tIEg3
xfdyAhip0BaTkk3BC4/BoKTFBrZzAF6Qqoj664IKmK7ct3BADe0U1m7i9Ab6rVzN
Nz1TqM3PqihfYwbs1LtDbdp7Z+eLAhAZd2Pr4BuHWv9rz4JLS5rtfeNjENDngjWI
1LFD1FftiiTF/+yCPQsQSnmRFw==
=U3VK
-----END PGP SIGNATURE-----

--RwGu8mu1E+uYXPWP--

Current thread:

Re: Buffer overflow in BASH Adam D. McKenna (Apr 19)
- Re: Buffer overflow in BASH Peter J. Holzer (Apr 27)