Moritz Muehlenhoff wrote:
> Martin Schulze wrote:
> > > > Due to a bug in the environment variable substitution code it is
> > > > possible to inject environment variables such as LD_PRELOAD and gain a
> > > > root shell.
> > >
> > > Confirmed.
> > >
> > > Joey we'll need an ID for it.
> >
>
Martin Schulze wrote:
> > > Due to a bug in the environment variable substitution code it is
> > > possible to inject environment variables such as LD_PRELOAD and gain a
> > > root shell.
> >
> > Confirmed.
> >
> > Joey we'll need an ID for it.
>
> Please use CVE-2005-3344 and inform vendor-
Steve Kemp wrote:
> > Due to a bug in the environment variable substitution code it is
> > possible to inject environment variables such as LD_PRELOAD and gain a
> > root shell.
Charles Stevenson discovered that osh, the operator's shell for
executing defined programs in a privileged environment,
Steve Kemp wrote:
> On Wed, Nov 09, 2005 at 04:42:08AM -0800, Charles Stevenson wrote:
>
> > Due to a bug in the environment variable substitution code it is
> > possible to inject environment variables such as LD_PRELOAD and gain a
> > root shell.
>
> Confirmed.
>
> Joey we'll need an ID fo
On Wed, Nov 09, 2005 at 04:42:08AM -0800, Charles Stevenson wrote:
> Due to a bug in the environment variable substitution code it is
> possible to inject environment variables such as LD_PRELOAD and gain a
> root shell.
Confirmed.
Joey we'll need an ID for it.
I guess we need to use tw
patch attached
--
Oohara Yuuma <[EMAIL PROTECTED]>
Lord, what fools these mortals be!
--- William Shakespeare, "A Midsummer-Night's Dream"
diff -u -rN osh-1.7-unmodified/debian/changelog osh-1.7/debian/changelog
--- osh-1.7-unmodified/debian/changelog 2005-11-09 23:34:25.0 +0900
+++ osh-
Package: osh
Version: 1.7-14
Severity: critical
Tags: security
Justification: root security hole
Due to a bug in the environment variable substitution code it is
possible to inject environment variables such as LD_PRELOAD and gain a
root shell.
Fully-functional local root exploit here:
http://p
7 matches
Mail list logo