From owner-freebsd-security  Wed Nov 29  8:14: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP id 816B437B400
	for <freebsd-security@FreeBSD.ORG>; Wed, 29 Nov 2000 08:14:06 -0800 (PST)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.11.1/8.11.1) id eATGERk05538;
	Wed, 29 Nov 2000 08:14:27 -0800 (PST)
	(envelope-from kris)
Date: Wed, 29 Nov 2000 08:14:27 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Roman Shterenzon <roman@xpert.com>
Cc: Nevermind <never@nevermind.kiev.ua>, freebsd-security@FreeBSD.ORG
Subject: Re: bash vulnerability
Message-ID: <20001129081426.A5498@citusc17.usc.edu>
References: <20001129124057.M17181@nevermind.kiev.ua> <Pine.LNX.4.30.0011291248260.19606-100000@jamus.xpert.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="BXVAT5kNtrzKuDFl"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.30.0011291248260.19606-100000@jamus.xpert.com>; from roman@xpert.com on Wed, Nov 29, 2000 at 12:49:25PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--BXVAT5kNtrzKuDFl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Nov 29, 2000 at 12:49:25PM +0200, Roman Shterenzon wrote:
> On Wed, 29 Nov 2000, Nevermind wrote:
>=20
> > Hello, Roman Shterenzon!
> >
> > On Wed, Nov 29, 2000 at 12:36:19PM +0200, you wrote:
> >
> > > Hi,
> > > The bash seems vulnerable to the symlink attack as well:
> > > http://www.securityfocus.com/bid/2006
> > Where have you seen bash or FreeBSD?
>=20
> Installed from /usr/ports/shells/bash2 (or bash1).

Is it bash2 as well? I've only seen bash1 reported on bugtraq.

> I don't know if the shipping /bin/sh is vulnerable.

It's not.

Kris
--BXVAT5kNtrzKuDFl
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjolK2IACgkQWry0BWjoQKXSCwCfcQumb74MZxp6572TpCQCd+oW
AGUAoNMfKgMdOQD/U++YD8bvY4Q+bx8P
=0Bmf
-----END PGP SIGNATURE-----

--BXVAT5kNtrzKuDFl--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message