Date: Fri, 23 Aug 1996 04:15:31 -0700 (PDT) From: Wolfram Schneider <wosch> To: CVS-committers, cvs-all, cvs-ports Subject: cvs commit: ports/shells/bash/patches patch-af Message-ID: <199608231115.EAA11864@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
wosch 96/08/23 04:15:29 Added: shells/bash/patches patch-af Log: Security fix. Number: ERS-SVA-E01-1996:004.1 VULNERABILITY: A variable declaration error in "bash" allows the character with value 255 decimal to be used as a command separator. THREAT: When used in environments where users provide strings to be used as commands or arguments to commands, "bash" can be tricked into executing arbitrary commands.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608231115.EAA11864>