> http://www.cert.org/ftp/cert_advisories/CA-96.22.bash_vuls Just to make it clear - vulnerability described in my post seems to be almost similar to one described in CERT advisory. But in fact bug addressed there (bash -c 'command1(0xff)command2') has been fixed years ago in bash 1.14.7 release, while one described by me (0xff in command substitution) - hasn't been fixed (till silent fix in 2.0.x releases). _______________________________________________________________________ Michal Zalewski [lcamtufat_private] [link / marchew] [dione.ids.pl SYSADM] [Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};: [voice phone: +48 22 813 25 86] <=-=> [cellular phone: +48 501 4000 69] Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:36 PDT