oss-sec mailing list archives
Re: update on CVE-2008-5718
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 28 Jan 2009 09:02:45 -0500 (EST)
On Wed, 28 Jan 2009, Thomas Biege wrote:
New patch attached, the old one was missing spaces. Hope the blacklist is complete now...
Would a "-" character allow an argument injection attack by inserting dangerous command-line switches? Things like being able to add a "-rf" as an argument to the rm command... I assume there's something undesirable about quoting everything unless it's alphanumeric? - Steve
Current thread:
- update on CVE-2008-5718 Nico Golde (Jan 13)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
