Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: bash vulnerability?

From: "Lauro, John" <jlauro () umflint edu>
Date: Thu, 18 Aug 2005 16:55:33 -0400
I know, common knowledge ignored....   but for those wanting a
clue....
 
It's not an exploit if you are already root and just tell the system
to trash itself.  ;)
 
 
Denial of service for youself is also not a 0day.  In some cases it
may be interesting if you can kick a service down for other users too
if you can do it as non root with a method other than a fork or ohter
resource bomb.  
 
Not sure about the first one. It didn't seem to do anything.
$ exec &>&-
[1] 22829
$ 
[1] + Done                 exec 

The second one operates as I would expect.  If you still see an
exploit out of this, be more specific as to OS, etc...
 
 

________________________________

From: full-disclosure-bounces () lists grok org uk on behalf of nocfed
Sent: Thu 8/18/2005 4:37 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] bash vulnerability?



I have two more 0day's for you to look into.  This may take YEARS to
figure out!

1) exec &>&-

WHOA!  WHAT HAS HAPPEN!?

2) kill -9 -1

WASH, REPEAT!


Nobody has been informed of the aformentioned '0day' and common
knowledge has been ignored.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: