[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Buffer overflow in BASH
From:       "Peter J. Holzer" <hjp () WSR ! AC ! AT>
Date:       1999-04-27 14:38:15
[Download RAW message or body]


On 1999-04-19 14:59:06 -0400, Adam D. McKenna wrote:
> I really don't see the point of people posting bash bugs here.
> Especially not bugs in old versions. There are a lot of bash bugs, you
> can't gain any extra priveleges by exploiting them though.

You can, if you can trigger the bug in a script which is not running
with your privileges - suid and cgi scripts are obvious examples.

So, posting bash bug reports at least reminds people that using
bash - especially old versions - for such scripts is not a good idea.

	hp

--
   _  | Peter J. Holzer             | Where do you want your keys
|_|_) | Sysadmin WSR / Obmann LUGA  | to go today?
| |   | hjp@wsr.ac.at               |     -- Tom Perrine <tep@SDSC.EDU>
__/   | http://wsrx.wsr.ac.at/~hjp/ |        on bugtraq 1999-04-20

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]