Date: Thu, 12 Jan 2017 09:50:50 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 215988] shells/lshell - shell escape vulnerability in 0.9.16_2 Message-ID: <bug-215988-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215988 Bug ID: 215988 Summary: shells/lshell - shell escape vulnerability in 0.9.16_2 Product: Ports & Packages Version: Latest Hardware: Any URL: https://github.com/ghantoos/lshell/issues/151 OS: Any Status: New Keywords: security Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: dam@my.gd A shell escape vulnerability was found in lshell [1]. This vulnerability is confirmed in lshell's current version 0.9.16_2 in the FreeBSD ports tree and can be exploited like so : lshell$ echo () sh && echo # ^--- hey look, I'm in /bin/sh now This PR aims to have shells/lshell 0.9.16_2 tagged as vulnerable. I shall submit a new PR to bring lshell up to the upstream's version 0.9.18 which corrects the issue. [1] https://github.com/ghantoos/lshell/issues/151 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215988-13>