I know, common knowledge ignored.... but for those wanting a clue.... It's not an exploit if you are already root and just tell the system to trash itself. ;) Denial of service for youself is also not a 0day. In some cases it may be interesting if you can kick a service down for other users too if you can do it as non root with a method other than a fork or ohter resource bomb. Not sure about the first one. It didn't seem to do anything. $ exec &>&- [1] 22829 $ [1] + Done exec
The second one operates as I would expect. If you still see an exploit out of this, be more specific as to OS, etc... ________________________________ From: [EMAIL PROTECTED] on behalf of nocfed Sent: Thu 8/18/2005 4:37 PM To: [email protected] Subject: Re: [Full-disclosure] bash vulnerability? I have two more 0day's for you to look into. This may take YEARS to figure out! 1) exec &>&- WHOA! WHAT HAS HAPPEN!? 2) kill -9 -1 WASH, REPEAT! Nobody has been informed of the aformentioned '0day' and common knowledge has been ignored. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
