oss-sec mailing list archives

Re: Healing the bash fork


From: "Mark R Bannister" <mark () proseconsulting co uk>
Date: Tue, 30 Sep 2014 13:50:40 +0100

I discuss the setuid/setgid vulnerability at the following site, including demonstrating how Florian's prefix/suffix patch provides no protection:
http://technicalprose.blogspot.co.uk/2014/09/shellshock-bug-third-vulnerability.html

Please can we have a separate CVE for the setuid/setgid bash exploit?  I think this attack vector deserves to be 
tracked properly, and we need to be clear on when and if someone chooses to provide a fix for it.

Thanks,
Mark.

