| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Jun 2014 16:16:31 +0200 From: Hector Marco <hecmargi@....es> To: fulldisclosure@...lists.org CC: oss-security@...ts.openwall.com, bugtraq@...urityfocus.com, advisories <advisories@...xperts.de>, bugs@...uritytracker.com Subject: Bug in bash <= 4.3 [security feature bypassed] Hi everyone, Recently we discovered a bug in bash. After some time after reporting it to bash developers, it has not been fixed. We think that this is a security issue because in some circumstances the bash security feature could be bypassed allowing the bash to be a valid target shell in an attack. We strongly recommend to patch your bash code. Why don't fix this bug by simple adding mandatory "if" clause ? Any comments about this issue are welcomed. Details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html Thanks you, Hector Marco http://hmarco.org
Powered by blists - more mailing lists