oss-sec mailing list archives

Re: Healing the bash fork

From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 30 Sep 2014 15:10:23 +0200

On Tue, Sep 30, 2014 at 01:50:40PM +0100, Mark R Bannister wrote:

I discuss the setuid/setgid vulnerability at the following site,> including demonstrating how Florian's 
prefix/suffix patch provides
no protection:>
http://technicalprose.blogspot.co.uk/2014/09/shellshock-bug-third-vulnerability.html


Please can we have a separate CVE for the setuid/setgid bash exploit?  I think this attack vector deserves to be 
tracked properly, and we need to be clear on when and if someone chooses to provide a fix for it.


"innocuous looking setuid program" made my day ;)

We should take care not to blame all and everything to bash.

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

Current thread:

Re: Healing the bash fork Mark R Bannister (Sep 30)
- <Possible follow-ups>
- Re: Healing the bash fork Sven Kieske (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Sebastian Krahmer (Sep 30)
  - Re: Healing the bash fork Kobrin, Eric (Sep 30)
    - Re: Healing the bash fork Sebastian Krahmer (Sep 30)
    - Re: Healing the bash fork John Haxby (Sep 30)
    - Re: Healing the bash fork Ed Prevost (Sep 30)
    - Re: Healing the bash fork Rich Felker (Sep 30)
- Re: Healing the bash fork Michal Zalewski (Sep 30)
  - Re: Healing the bash fork Simon McVittie (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Tavis Ormandy (Sep 30)
  - Re: Healing the bash fork Ed Prevost (Sep 30)

(Thread continues...)