| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C49470270F5AD43A0BDEA0F130C850BEEEAB0@its-emb1.umflint.edu> Date: Fri Aug 19 14:51:41 2005 From: jlauro at umflint.edu (Lauro, John) Subject: bash vulnerability? I know, common knowledge ignored.... but for those wanting a clue.... It's not an exploit if you are already root and just tell the system to trash itself. ;) Denial of service for youself is also not a 0day. In some cases it may be interesting if you can kick a service down for other users too if you can do it as non root with a method other than a fork or ohter resource bomb. Not sure about the first one. It didn't seem to do anything. $ exec &>&- [1] 22829 $ [1] + Done exec The second one operates as I would expect. If you still see an exploit out of this, be more specific as to OS, etc... ________________________________ From: full-disclosure-bounces@...ts.grok.org.uk on behalf of nocfed Sent: Thu 8/18/2005 4:37 PM To: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] bash vulnerability? I have two more 0day's for you to look into. This may take YEARS to figure out! 1) exec &>&- WHOA! WHAT HAS HAPPEN!? 2) kill -9 -1 WASH, REPEAT! Nobody has been informed of the aformentioned '0day' and common knowledge has been ignored. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists