Date: Wed, 29 Nov 2000 08:14:27 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Roman Shterenzon <roman@xpert.com> Cc: Nevermind <never@nevermind.kiev.ua>, freebsd-security@FreeBSD.ORG Subject: Re: bash vulnerability Message-ID: <20001129081426.A5498@citusc17.usc.edu> In-Reply-To: <Pine.LNX.4.30.0011291248260.19606-100000@jamus.xpert.com>; from roman@xpert.com on Wed, Nov 29, 2000 at 12:49:25PM %2B0200 References: <20001129124057.M17181@nevermind.kiev.ua> <Pine.LNX.4.30.0011291248260.19606-100000@jamus.xpert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 29, 2000 at 12:49:25PM +0200, Roman Shterenzon wrote: > On Wed, 29 Nov 2000, Nevermind wrote: >=20 > > Hello, Roman Shterenzon! > > > > On Wed, Nov 29, 2000 at 12:36:19PM +0200, you wrote: > > > > > Hi, > > > The bash seems vulnerable to the symlink attack as well: > > > http://www.securityfocus.com/bid/2006 > > Where have you seen bash or FreeBSD? >=20 > Installed from /usr/ports/shells/bash2 (or bash1). Is it bash2 as well? I've only seen bash1 reported on bugtraq. > I don't know if the shipping /bin/sh is vulnerable. It's not. Kris --BXVAT5kNtrzKuDFl Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjolK2IACgkQWry0BWjoQKXSCwCfcQumb74MZxp6572TpCQCd+oW AGUAoNMfKgMdOQD/U++YD8bvY4Q+bx8P =0Bmf -----END PGP SIGNATURE----- --BXVAT5kNtrzKuDFl-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001129081426.A5498>