Date: Fri, 23 Aug 1996 04:15:31 -0700 (PDT) From: Wolfram Schneider <wosch> To: CVS-committers, cvs-all, cvs-ports Subject: cvs commit: ports/shells/bash/patches patch-af Message-ID: <199608231115.EAA11864@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
wosch 96/08/23 04:15:29
Added: shells/bash/patches patch-af
Log:
Security fix.
Number: ERS-SVA-E01-1996:004.1
VULNERABILITY: A variable declaration error in "bash" allows the character
with value 255 decimal to be used as a command separator.
THREAT: When used in environments where users provide strings to be
used as commands or arguments to commands, "bash" can be
tricked into executing arbitrary commands.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608231115.EAA11864>