lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <001201c2a574$d7742e20$24029dd9@tuborg>
From: knud at skodliv.dk (Knud Erik Højgaard)
Subject: R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors

matt merhar wrote:
> On Mon, 16 Dec 2002 10:56:20 -0800 (PST)
> Michal Zalewski <lcamtuf@...ttot.org> wrote:
>
>> :(){ :|:&};:
>
> ^^^^^^^^^^ don't type that i lost 134 day uptime because of that

No wonder, if you substitute the : with a word, for example bomb, it's
pretty obvious what this does.

bomb(){ bomb|bomb&};bomb

A properly configured login.conf prohibits this from having any effect on my
FreeBSD, and since you dont state your flavour i suppose it's the same as
mine.

--
Knud

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ