[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2019-12-19 Thread Alex Murray
Even our oldest supported (as extended security maintenance) release
Ubuntu 12.04 had bash 4.2 (https://launchpad.net/ubuntu/+source/bash) -
so whether this affects bash 3.2.57 is not relevant to Ubuntu anymore.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1507025

Title:
  Shell Command Injection with the hostname

Status in bash package in Ubuntu:
  Fix Released

Bug description:
  If the HOSTNAME of the PC contains a shell command,
  the command will run every time you start a terminal, tty or xterm.

  The command will also be executed every time you type in some command.
  If you, for example, change the directory, it will run again.
   
  Exploit Demo :

  1) edit "/etc/hosts"  to this :

  127.0.0.1 localhost
  127.0.1.1  `ls>bug`

  2) edit "/etc/hostname" to this :

  `ls>bug`

  3) reboot

  4) start a terminal

  5) Now a file with the name "bug" will be in your home folder!

  6) Change the directory to Downloads with "cd Downloads/"

  7) Now a file with the name "bug" is in your Downloads!

  8) Remove the file with "rm bug"

  9) The file "bug" is still there!

  
  Have a look at the screenshot I have attached.

  Solution:
  The hostname should be checked if there are shell commands inside!!

  By the way:
  The hostname is not always in the hands of root.
  Some people rent "vservers" and the hostname is in the hands of the ISP.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: bash 4.3-14ubuntu1
  ProcVersionSignature: Ubuntu 4.2.0-15.18-generic 4.2.3
  Uname: Linux 4.2.0-15-generic x86_64
  ApportVersion: 2.19.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Oct 16 22:31:46 2015
  InstallationDate: Installed on 2015-10-09 (6 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009)
  SourcePackage: bash
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
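
The check the bug description asks for ("The hostname should be checked"), written here as an added example that is not part of the original thread or of the bash fix. It validates a hostname against RFC 1123 label rules and replaces anything else with "x", as the workaround posted in this thread does. The function names, the RFC 1123 character set (the thread's workaround also allows "_") and the sample file contents are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate and sanitize a hostname before it can reach a
# shell prompt. Function names and sample values are constructed.

# Use the C locale so that ranges such as A-Z mean ASCII only.
LC_ALL=C
export LC_ALL

# hostname_is_safe NAME
# Returns 0 if NAME consists only of RFC 1123 labels: letters, digits and
# "-", labels of 1-63 characters that do not start or end with "-",
# separated by single dots, at most 253 characters in total.
hostname_is_safe() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    # Reject any character outside the allowed set. This is what catches
    # backticks, "$", parentheses, ">", ";" and whitespace.
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    # Reject a leading dot, a trailing dot and empty labels.
    case $name in
        .*|*.|*..*) return 1 ;;
    esac
    # Walk the dot-separated labels one by one.
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-) return 1 ;;
        esac
    done
    return 0
}

# hostname_sanitize NAME
# Prints NAME with every byte outside A-Za-z0-9 . - replaced by "x".
# The "-" is placed last in the set so that it is a literal character
# and not the middle of a range.
hostname_sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9.-' 'x'
}

# audit_hostname_file FILE
# Checks the first line of FILE (for example a copy of /etc/hostname).
# Returns 0 if it is safe, 1 if it is not, 2 if FILE cannot be read.
audit_hostname_file() {
    file=$1
    if [ ! -r "$file" ]; then
        printf 'cannot read %s\n' "$file" >&2
        return 2
    fi
    first=
    IFS= read -r first < "$file" || :
    if hostname_is_safe "$first"; then
        printf 'OK      %s\n' "$first"
        return 0
    fi
    printf 'UNSAFE  %s: suggested replacement: %s\n' \
        "$file" "$(hostname_sanitize "$first")"
    return 1
}

# Demonstration on constructed files, so nothing under /etc is touched.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'build-01.example.org' > "$dir/good"  # constructed sample
    printf '%s\n' '`ls>bug`' > "$dir/bad"               # value from the bug report
    audit_hostname_file "$dir/good" || true
    audit_hostname_file "$dir/bad" || true
    rm -rf "$dir"
}
demo
```

This only covers the input side; the prompt expansion itself is what the bash43-047 patch listed in this thread changes.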


[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2019-12-19 Thread Manoj Shanmuga Sundaram
This bug was not fixed up to bash v4.3; this bug also arises in v3.2.57.



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2017-05-17 Thread Launchpad Bug Tracker
This bug was fixed in the package bash - 4.3-14ubuntu1.2

---
bash (4.3-14ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
    - debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
    - CVE-2016-0634
  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/bash43-048.diff: check for root in variables.c.
    - CVE-2016-7543
  * SECURITY UPDATE: restricted shell bypass via use-after-free
    - debian/patches/bash44-006.diff: check for negative offsets in
      builtins/pushd.def.
    - CVE-2016-9401

 -- Marc Deslauriers   Tue, 16 May 2017 07:51:45 -0400



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2017-05-17 Thread Launchpad Bug Tracker
This bug was fixed in the package bash - 4.3-7ubuntu1.7

---
bash (4.3-7ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
    - debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
    - CVE-2016-0634
  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/bash43-048.diff: check for root in variables.c.
    - CVE-2016-7543
  * SECURITY UPDATE: restricted shell bypass via use-after-free
    - debian/patches/bash44-006.diff: check for negative offsets in
      builtins/pushd.def.
    - CVE-2016-9401

 -- Marc Deslauriers   Tue, 16 May 2017 07:52:48 -0400

** Changed in: bash (Ubuntu)
   Status: New => Fix Released



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2017-05-17 Thread Launchpad Bug Tracker
This bug was fixed in the package bash - 4.3-15ubuntu1.1

---
bash (4.3-15ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
    - debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
    - CVE-2016-0634
  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/bash43-048.diff: check for root in variables.c.
    - CVE-2016-7543
  * SECURITY UPDATE: restricted shell bypass via use-after-free
    - debian/patches/bash44-006.diff: check for negative offsets in
      builtins/pushd.def.
    - CVE-2016-9401

 -- Marc Deslauriers   Tue, 16 May 2017 07:44:56 -0400

** Changed in: bash (Ubuntu)
   Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7543

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9401



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2016-09-16 Thread Tyler Hicks
This issue was assigned CVE-2016-0634. See the oss-security notice here:

  http://openwall.com/lists/oss-security/2016/09/16/8



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2016-09-16 Thread Emily Ratliff
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0634



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-11-25 Thread Marc Deslauriers
I'm not sure what the attack vector here is. /etc/hostname is only
writeable by root.

Is there any way for an attacker to control /etc/hostname?



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-11-25 Thread Bernd Dietzel
@Marc
Yes, if some application has a bug, for example MintNanny:
https://bugs.launchpad.net/linuxmint/+bug/1460835



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-31 Thread Bernd Dietzel
script

** Attachment added: "changehostname.sh"
   
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4510099/+files/changehostname.sh



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-31 Thread Bernd Dietzel
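#! /bin/sh
# Run this as root early in the boot order. No other script like hostname.sh should run later.
# Replace every character outside A-Za-z0-9 _ . - with "x". The "-" goes last in the
# bracket expression so that it is literal (a backslash does not escape inside [...] in sed).
HOSTNAME="$(hostname | sed 's/[^A-Za-z0-9_.-]/x/g')"
hostname "$HOSTNAME"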


[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-19 Thread Bernd Dietzel
Workaround ...
To make my modified "hostname.sh" script run at startup, I changed the file /etc/rc.local:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

/etc/init.d/hostname.sh start

exit 0



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-18 Thread Bernd Dietzel
That's better ... (the "-" was wrong in my previous posting)

HOSTNAME="${HOSTNAME//[^A-Za-z0-9_\-]/x}"

I attached a modified hostname.sh which uses bash.

It can be started manually with

sudo /etc/init.d/hostname.sh start

The command should somehow run at startup ... but does not by default?

** Attachment added: "hostname.sh"
   
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4499613/+files/hostname.sh



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-18 Thread Bernd Dietzel
Patch :

HOSTNAME=${HOSTNAME//[^A-Za-z0-9-_]/_}



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-17 Thread Bernd Dietzel
I agree,
I think the hostname should be in the hands of the kernel only.
Should not be overwritten by /etc/hostname.sh.



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-17 Thread Bernd Dietzel
typo ... the path is 
/etc/init.d/hostname.sh



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-17 Thread Bernd Dietzel
German demo video
https://www.youtube.com/watch?v=qYuVzHsklS8



[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-16 Thread Seth Arnold
I can't imagine the effort involved in hardening all applications to
treat the hostname as untrusted input.

ISPs that sell vservers are really no different from Intel or AMD or
whoever makes your CPU -- you trust them completely and totally with
your data, your executables, and your entire operating environment. They
can inject anything they wish into your system's memory whenever they
wish.

Making sure the dhcp clients don't allow setting these kinds of
hostnames however, that might be a good idea. Enforcing the usual dns
guidelines of a-zA-Z0-9-_ might be worthwhile.

Thanks

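The allowlist named in both Bernd Dietzel's substitution and Seth Arnold's reply (letters, digits, "-" and "_"), as an added example that is not part of the thread or of Ubuntu's hostname.sh: POSIX sh functions that reject, rewrite, or load a hostname. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample inputs are constructed.
# Byte-wise C locale so A-Z, a-z and 0-9 match ASCII only.
LC_ALL=C
export LC_ALL

# Succeed only for a non-empty name made of letters, digits, "-" and "_".
# "-" is last inside the brackets so it is a literal, not a range.
is_safe_hostname() {
    case "$1" in
        '') return 1 ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Replace every byte outside the allowlist with "x" (for ASCII input this
# gives the same result as the bash substitution posted in the thread).
sanitize_hostname() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_-' 'x'
}

# Print the first line of the file named by $1 only if it passes the
# allowlist; otherwise print nothing and return 1.
load_hostname() {
    name=''
    IFS= read -r name < "$1" || [ -n "$name" ] || return 1
    is_safe_hostname "$name" || return 1
    printf '%s\n' "$name"
}

# Constructed samples, including the value from the bug report.
for candidate in 'web-01' 'build_host' '`ls>bug`' 'a;b' ''; do
    if is_safe_hostname "$candidate"; then
        printf 'accept  %s\n' "$candidate"
    else
        printf 'reject  %s -> %s\n' "$candidate" "$(sanitize_hostname "$candidate")"
    fi
done
```

Rejecting the name where it is set, rather than rewriting it later, keeps a value with shell metacharacters from ever becoming the hostname that terminals read.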


[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2015-10-16 Thread Bernd Dietzel
** Attachment removed: "Dependencies.txt"
   https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4497264/+files/Dependencies.txt

** Attachment removed: "JournalErrors.txt"
   https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4497265/+files/JournalErrors.txt

** Attachment removed: "ProcEnviron.txt"
   https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025/+attachment/4497266/+files/ProcEnviron.txt

** Information type changed from Private Security to Public Security
