Bash specially-crafted environment variables code injection attack
Jan Dušátko
jan at dusatko.org
Thu Sep 25 18:36:20 CEST 2014
> Zajimalo by mne, zda se to tyka pouze Linuxu a pouze pokud mate bash
>
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environmen
t-variables-code-injection-attack/
# bash
[ ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
[ ~]# exit
# # pkg delete bash-static-4.3.8 bash-completion-2.1_3,1
pkg: Error while trying to delete packages, dependencies that are still
required:
shells/bash: shells/bash-completion
shells/bash-completion: sysutils/nut
To nevypada moc dobre ....
More information about the Users-l
mailing list