mailing list archives
Re: BUG in /bin/bash
From: Dan_Thorson () notes seagate com (Dan Thorson)
Date: Mon, 16 Sep 1996 22:52:12 -0400
I've tried Solaris 2.5 (unpatched) with the same results. I'll report on 2.5
using recommended patches if I see anything different.
Debian linux 1.1
Roger Espel Llima wrote:
VULNERABILITY: A variable declaration error in "bash" allows the
with value 255 decimal to be used as a command separator.
That reminds me of a similar "little-known feature" on SunOS and
Solaris, where /bin/sh interprets '^' as a synonym for '|' :
$ sh -c 'echo blah ^ cat'
.> Again this could be exploited to fool CGI scripts (and ircII scripts
too) which execute shell commands with user-supplied data, after
checking for things like ';', '|' and '&'.