Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
From: Knud Erik Højgaard <knud () skodliv dk>
Date: Tue, 17 Dec 2002 03:34:32 +0100

matt merhar wrote:
On Mon, 16 Dec 2002 10:56:20 -0800 (PST)
Michal Zalewski <lcamtuf () ghettot org> wrote:

:(){ :|:&};:

^^^^^^^^^^ don't type that i lost 134 day uptime because of that

No wonder, if you substitute the : with a word, for example bomb, it's
pretty obvious what this does.

bomb(){ bomb|bomb&};bomb

A properly configured login.conf prohibits this from having any effect on my
FreeBSD, and since you dont state your flavour i suppose it's the same as


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]