in the wild is presented.
So the argument to sanitise putenv to me has more weight when considering
general shell injection than this particular bash error.
and yet, I'm not quite convinced yet.
Sam
On 26 Sep 2014 20:53, Sean Mathews mathe...@nutech.com wrote:
In regard to CVE-2014-7169 CVE-2014-6271
Sean Mathews wrote:
In regard to CVE-2014-7169 CVE-2014-6271 looking at
busybox-1.22.1/networking/udhcp/dhcpc.c line 403 fill_envp() it seems
as if it would be trivial to mess with bootfile and inject a packet
that has garbage in the bootfile and exploit this vulnerability.
We should keep
In regard to CVE-2014-7169 CVE-2014-6271 looking at
busybox-1.22.1/networking/udhcp/dhcpc.c line 403 fill_envp() it seems as if
it would be trivial to mess with bootfile and inject a packet that has
garbage in the bootfile and exploit this vulnerability. Something as
trivial as removing some