Remote Code Execution through BASH environment variables
1 view
Skip to first unread message
mi...@theadamsresidence.net
Sep 24, 2014, 7:29:25 PM9/24/14
to oa...@googlegroups.com
Hey,
Seems oddly appropriate to hear that RMS is coming and then find out about
issues with BASH.
One of my co-workers just shared this through the office and I thought
you guys might want to know about it.
Essentially BASH is executing commands that are put into an environtment
variable that holds a function.
https://marc.info/?l=oss-security&m=141157106132018&w=2
Described attack vectors include bash scripts called through CGI and
OpenSSH.
So have fun with that one.
- Mike
Seems oddly appropriate to hear that RMS is coming and then find out about
issues with BASH.
One of my co-workers just shared this through the office and I thought
you guys might want to know about it.
Essentially BASH is executing commands that are put into an environtment
variable that holds a function.
https://marc.info/?l=oss-security&m=141157106132018&w=2
Described attack vectors include bash scripts called through CGI and
OpenSSH.
So have fun with that one.
- Mike
Reply all
Reply to author
Forward
0 new messages