Bugtraq mailing list archives



Re: BUG in /bin/bash

VULNERABILITY: A variable declaration error in "bash" allows the character with value 255 decimal to be used as a command separator.

That reminds me of a similar "little-known feature" on SunOS and Solaris, where /bin/sh interprets '^' as a synonym for '|' :

$ sh -c 'echo blah ^ cat'
blah

Again this could be exploited to fool CGI scripts (and ircII scripts too) which execute shell commands with user-supplied data, after checking for things like ';', '|' and '&'.

-Roger

--
e-mail: roger.espel.llima () ens fr
WWW & PGP key: http://www.eleves.ens.fr:8080/home/espel/index.html
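Added example, not part of the original post: a Python sketch of why the ';', '|', '&' check described above misses both separators mentioned in this thread, next to an allowlist check that hands the value to the child process as one argv element with no shell involved. The function names, the allowlist pattern and the sample inputs are assumptions constructed for illustration.

```python
import re
import subprocess
import sys

# Denylist of the kind the post describes: only ';', '|' and '&' are rejected.
DENYLIST = b";|&"

# Allowlist (assumed for this example): a short hostname-like token.
ALLOWED = re.compile(rb"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")


def denylist_accepts(value: bytes) -> bool:
    """True when none of the three denylisted bytes occurs in value."""
    return not any(b in DENYLIST for b in value)


def allowlist_accepts(value: bytes) -> bool:
    """True only when the whole value consists of permitted bytes."""
    return ALLOWED.fullmatch(value) is not None


def echo_without_shell(value: bytes) -> str:
    """Validate, then pass the value as a single argv element.

    No shell parses the argument, so no byte in it can act as a
    command separator, whatever a given /bin/sh or bash build accepts.
    """
    if not allowlist_accepts(value):
        raise ValueError("input rejected by allowlist")
    child = "import sys; sys.stdout.write(sys.argv[1])"
    result = subprocess.run(
        [sys.executable, "-c", child, value.decode("ascii")],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


# Constructed sample inputs: the '^' case from this post, the byte 255
# case from the quoted advisory, a classic ';' case and a benign value.
SAMPLES = [b"blah ^ cat", b"blah\xffcat", b"blah; cat", b"example.org"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "denylist:", denylist_accepts(sample),
              "allowlist:", allowlist_accepts(sample))
    print(echo_without_shell(b"example.org"))
```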
