oss-sec mailing list archives
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 5 Jun 2014 22:51:39 -0400
2014-06-03 16:16 GMT+02:00 Hector Marco <hecmargi () upv es>: Hi everyone, Recently we discovered a bug in bash. After some time after reporting it to bash developers, it has not been fixed. We think that this is a security issue because in some circumstances the bash security feature could be bypassed allowing the bash to be a valid target shell in an attack. We strongly recommend to patch your bash code. Why don't fix this bug by simple adding mandatory "if" clause ? Any comments about this issue are welcomed. Details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html
It looks like Rage Against The Cage has been rediscovered. Also known as Android ADB Setuid bug. Jeff
Current thread:
- Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 03)
- Re: Bug in bash <= 4.3 [security feature bypassed] Steve Grubb (Jun 03)
- Re: Bug in bash <= 4.3 [security feature bypassed] Jose Carlos Luna Duran (Jun 04)
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 04)
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jeffrey Walton (Jun 05)
- Re: Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Simon McVittie (Jun 06)
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 04)
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] lists (Jun 05)