This issue was assigned CVE-2016-0634. See the oss-security notice here:
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
Shell Command Injection with the hostname
Status in bash package in Ubuntu:
If the HOSTNAME of the pc contains a shell command ,
the command will run every time you start a terminal, tty or xterm.
The command will also executed every time when you type in some command.
If you for example change the directory , it will run again.
Exploit Demo :
1) edit "/etc/hosts" to this :
2) edit "/etc/hostname" to this :
4) start a terminal
5) Now a file with the name "bug" will in your home folder !
6) Change the directory to Downloads with "cd Downloads/"
7) Now a file with the name "bug" is in your Downloads !
8) Remove the file with "rm bug"
9) The file "bug" is still there !
Have a look on the screenshot i have attached.
The hostname should be checked if there are shell commands inside !!
By the way :
The hostname is not always in the hands of the root.
Some people rent "vservers" and the hostname is in the hands of the isp.
DistroRelease: Ubuntu 15.10
Package: bash 4.3-14ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-15.18-generic 4.2.3
Uname: Linux 4.2.0-15-generic x86_64
Date: Fri Oct 16 22:31:46 2015
InstallationDate: Installed on 2015-10-09 (6 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009)
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~touch-packages
Post to : email@example.com
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp