BugTraq
Bug in bash <= 4.3 [security feature bypassed] Jun 03 2014 02:16PM
Hector Marco (hecmargi upv es) (1 replies)
Hi everyone,

Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.

We think that this is a security issue because in some circumstances
the bash security feature could be bypassed allowing the bash to be a
valid target shell in an attack.

We strongly recommend to patch your bash code.

Why don't fix this bug by simple adding mandatory "if" clause ?
Any comments about this issue are welcomed.

Details at:
http://hmarco.org/bugs/bash_4.3-setuid-bug.html

Thanks you,

Hector Marco
http://hmarco.org

[ reply ]
Re: Bug in bash <= 4.3 [security feature bypassed] Jun 05 2014 10:02AM
Daryl Tester (dt-bugtraq handcraftedcomputers com au) (1 replies)
Re: Bug in bash <= 4.3 [security feature bypassed] Jun 05 2014 09:13PM
Hector Marco (hecmargi upv es)


 

Privacy Statement
Copyright 2010, SecurityFocus