From owner-freebsd-security  Wed Nov 29  2:49:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17])
	by hub.freebsd.org (Postfix) with ESMTP id 0572537B401
	for <freebsd-security@freebsd.org>; Wed, 29 Nov 2000 02:49:37 -0800 (PST)
Received: from roman (helo=localhost)
	by jamus.xpert.com with local-esmtp (Exim 3.12 #5)
	id 1414nl-000593-00; Wed, 29 Nov 2000 12:49:25 +0200
Date: Wed, 29 Nov 2000 12:49:25 +0200 (IST)
From: Roman Shterenzon <roman@xpert.com>
To: Nevermind <never@nevermind.kiev.ua>
Cc: <freebsd-security@freebsd.org>
Subject: Re: bash vulnerability
In-Reply-To: <20001129124057.M17181@nevermind.kiev.ua>
Message-ID: <Pine.LNX.4.30.0011291248260.19606-100000@jamus.xpert.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 29 Nov 2000, Nevermind wrote:

> Hello, Roman Shterenzon!
>
> On Wed, Nov 29, 2000 at 12:36:19PM +0200, you wrote:
>
> > Hi,
> > The bash seems vulnerable to the symlink attack as well:
> > http://www.securityfocus.com/bid/2006
> Where have you seen bash or FreeBSD?

Installed from /usr/ports/shells/bash2 (or bash1).
I don't know if the shipping /bin/sh is vulnerable.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message