Hi everyone, Recently we discovered a bug in bash. After some time after reporting it to bash developers, it has not been fixed.
We think that this is a security issue because in some circumstances the bash security feature could be bypassed allowing the bash to be a valid target shell in an attack. We strongly recommend to patch your bash code. Why don't fix this bug by simple adding mandatory "if" clause ? Any comments about this issue are welcomed. Details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html Thanks you, Hector Marco http://hmarco.org _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
