oss-sec mailing list archives
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability)
From: Chet Ramey <chet.ramey () case edu>
Date: Mon, 29 Sep 2014 10:33:20 -0400
On 9/29/14, 9:01 AM, Osmond Sun wrote:
> I found the function parsing is still imperfect.
> e.g. $env x="() { :;}; `touch vulnerablefile`" bash -c "echo this is a test "
If that is the command you ran, this doesn't show any vulnerability. The
double quotes surrounding the assignment to x in the argument to `env'
mean that command substitution is performed before env runs. It's the
command substitution that creates the file, so the file exists before bash
is invoked.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet () case edu http://cnswww.cns.cwru.edu/~chet/
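
The quoting behaviour described in the reply above, as an added example that is not part of the original message. The child process is `printenv` rather than bash, so function import cannot be involved; the `marker` file name, the temporary directory and the function names are constructed for this illustration.

```shell
#!/bin/sh
# Constructed demo: only the calling shell's quoting is under test.
# The child is printenv, never bash, so any file that appears was
# created by the calling shell, not by the program env started.

# Double quotes: the calling shell expands the backticks while it builds
# env's argument list, so the marker exists before any child starts.
double_quoted() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" && env x="() { :;}; `touch marker`" printenv x >/dev/null )
    [ -e "$dir/marker" ] && echo created || echo absent
    rm -rf "$dir"
}

# Single quotes: the backticks reach the child as literal text and the
# calling shell runs nothing. This is the form a test has to use if the
# value is meant to arrive in the child's environment unexpanded.
single_quoted() {
    dir=$(mktemp -d) || return 1
    value=$( cd "$dir" && env x='() { :;}; `touch marker`' printenv x )
    [ -e "$dir/marker" ] && state=created || state=absent
    rm -rf "$dir"
    printf '%s|%s\n' "$state" "$value"
}

echo "double quotes: $(double_quoted)"
echo "single quotes: $(single_quoted)"
```

A file that appears in the double-quoted case therefore says nothing about the program that `env` goes on to run.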
