Full Disclosure mailing list archives
Re: Critical bash vulnerability CVE-2014-6271
From: Seth Arnold <seth.arnold () canonical com>
Date: Thu, 25 Sep 2014 15:10:08 -0700
On Thu, Sep 25, 2014 at 01:54:31PM -0700, Paul Vixie wrote:
no. the problem occurs when /bin/sh is bash, or when a network invokable script begins with the line #!/bin/bash. it has nothing to do with the user's shell. rather, it's the shell used by popen() and system() and of course (execl, execlp, execle, execv, execvp, execvpe), or, it's the explicitly called shell named at the top of the script itself.
Which systems go through /bin/sh for the exec*() family of functions? Thanks
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
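An added example, not part of the original thread: a POSIX sh sketch of the audit the quoted message implies, listing scripts whose `#!` line names bash, or names `/bin/sh` on a system where `/bin/sh` resolves to bash. The function names and the `SH_PATH` override are assumptions of this sketch, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example. SH_PATH is an assumption of this sketch: the shell that
# system() and popen() run as "sh -c", overridable for testing.
SH_PATH="${SH_PATH:-/bin/sh}"

# Print the interpreter named on the #! line of file $1 (nothing if absent).
# For "#!/usr/bin/env NAME" print NAME, since env looks NAME up in PATH.
shebang_interp() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 0
    case "$first" in '#!'*) ;; *) return 0 ;; esac
    # Drop "#!" and split the rest on whitespace into $1, $2, ...
    set -f; set -- ${first#'#!'}; set +f
    case "${1##*/}" in
        env) printf '%s\n' "$2" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# Succeed if $1 is bash after following symlinks (e.g. /bin/sh -> bash).
is_bash() {
    target=$1
    case "$1" in
        */*) target=$(readlink -f "$1" 2>/dev/null) || target=$1 ;;
    esac
    [ "${target##*/}" = bash ]
}

# Succeed if the script $1 would be interpreted by bash: its #! line names
# bash, or names sh while SH_PATH resolves to bash.
script_runs_bash() {
    interp=$(shebang_interp "$1")
    case "$interp" in
        '')          return 1 ;;
        sh|/bin/sh)  is_bash "$SH_PATH" ;;
        *)           is_bash "$interp" ;;
    esac
}

# List regular files under directory $1 that would be interpreted by bash.
list_bash_scripts() {
    find "$1" -type f | sort | while IFS= read -r f; do
        if script_runs_bash "$f"; then printf '%s\n' "$f"; fi
    done
}

# Usage: sh audit.sh /path/to/cgi-bin
[ "$#" -eq 0 ] || list_bash_scripts "$1"
```

Files without a `#!` line are not reported, and `env` invocations that pass options before the interpreter name are not parsed.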