From owner-freebsd-security Wed Nov 29 2:34:55 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailgw3.netvision.net.il (mailgw3.netvision.net.il [194.90.1.11]) by hub.freebsd.org (Postfix) with ESMTP id A48D237B401 for ; Wed, 29 Nov 2000 02:34:52 -0800 (PST) Received: from alchemy.oven.org (ras9-p162.hfa.netvision.net.il [62.0.104.162]) by mailgw3.netvision.net.il (8.9.3/8.9.3) with ESMTP id MAA20222 for ; Wed, 29 Nov 2000 12:33:49 +0200 (IST) Received: (from mapc@localhost) by alchemy.oven.org (8.11.1/8.11.1) id eATAYm574604; Wed, 29 Nov 2000 12:34:48 +0200 (IST) (envelope-from mapc) Date: Wed, 29 Nov 2000 12:34:48 +0200 From: Roman Shterenzon To: freebsd-security@freebsd.org Cc: "bash1 port maintainer "@alchemy.oven.org, "bash2 port maintainer "@alchemy.oven.org Subject: bash vulnerability Message-ID: <20001129123448.A74595@alchemy.oven.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, The bash seems vulnerable to the symlink attack as well: http://www.securityfocus.com/bid/2006 --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message