[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname
From: |
Ludovic Courtès |
Subject: |
Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname |
Date: |
Thu, 22 Sep 2016 00:42:15 +0900 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
John Darrington <address@hidden> skribis:
> On Tue, Sep 20, 2016 at 04:55:30PM -0400, Leo Famulari wrote:
> Any advice on how we should handle CVE-2016-0634?
>
> http://seclists.org/oss-sec/2016/q3/534
>
> Like the comment there says, it is only a problem if the machine has
> already been owned,
… or if a privilege application like a DHCP client can be made to set
the host name to $(something bad), which was apparently possible at some
point.
> so I don't see what the issue is. If there is an issue it is for the
> bash maintainers to patch.
Chet proposed a patch:
http://seclists.org/oss-sec/2016/q3/att-538/prompt-string-comsub.patch
IIUC, the just-released 4.4 isn’t affected, right?
We should at least update it in core-updates, but core-updates won’t be
merged until we have fixed that Binutils/MIPS issue (which shouldn’t be
too hard, but we never know!).
I’m somewhat unavailable these days; could someone look into it?
Thanks for the heads-up Leo, as usual!
Ludo’.