oss-sec mailing list archives
Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME
From: Jan Schaumann <jschauma () netmeister org>
Date: Fri, 16 Sep 2016 13:38:38 -0400
John Haxby <john.haxby () oracle com> wrote:

> A little while ago, one of our users discovered that by setting the hostname to $(something unpleasant), bash would run "something unpleasant" when it expanded \h in the prompt string.

To clarify: this is only triggered if the hostname has been set, not the $HOSTNAME variable, right? Your subject line suggests setting $HOSTNAME would lead to command execution, which would be a vulnerability reminiscent of shellshock, but quickly glancing at the code, it looks like $HOSTNAME is only used if gethostname(3) returned an empty string?

-Jan
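Added example, not part of the thread or of bash: a POSIX sh check that flags a system hostname or $HOSTNAME value containing anything other than RFC 1123 hostname characters, which covers the $(...) form described in the quoted report. The function names `hostname_is_plain` and `audit_hostname_sources` and the sample values are constructed for illustration; both values are checked because the message distinguishes them, with no assumption about which one bash uses.

```shell
#!/bin/sh
# Added example: names and sample values below are constructed.

# Succeeds only if $1 is a plain RFC 1123 hostname: letters, digits,
# '-' and '.', labels of 1..63 bytes that neither start nor end with '-'.
hostname_is_plain() (
    LC_ALL=C
    name=$1
    [ -n "$name" ] || exit 1
    [ "${#name}" -le 253 ] || exit 1
    case $name in
        *[!A-Za-z0-9.-]*) exit 1 ;;  # '$', '(', '`', spaces, ... end here
        .*|*.|*..*)       exit 1 ;;  # empty label
    esac
    IFS=.                            # safe to split: no glob characters left
    for label in $name; do
        [ "${#label}" -le 63 ] || exit 1
        case $label in -*|*-) exit 1 ;; esac
    done
    exit 0
)

# Checks the system hostname and $HOSTNAME. Arguments default to the live
# values (uname -n and the environment); pass strings to test offline.
audit_hostname_sources() (
    sys=${1-$(uname -n)}
    var=${2-${HOSTNAME-}}
    rc=0
    for pair in "system hostname:$sys" "HOSTNAME variable:$var"; do
        what=${pair%%:*}
        value=${pair#*:}
        # HOSTNAME may be unset or empty in this environment: nothing to check.
        [ "$what" = "HOSTNAME variable" ] && [ -z "$value" ] && continue
        if hostname_is_plain "$value"; then
            echo "ok:   $what"
        else
            # Never echo the raw value: mask everything outside the safe set.
            shown=$(printf '%s' "$value" | LC_ALL=C tr -c 'A-Za-z0-9.-' '?')
            echo "FAIL: $what is not a plain hostname (masked: $shown)"
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample run; the second value mimics the report's pattern.
audit_hostname_sources 'web01.example.org' 'host$(placeholder)' || true
```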