This issue was assigned CVE-2016-0634. See the oss-security notice here:


  Shell Command Injection with the hostname

Status in bash package in Ubuntu:

Bug description:
  If the HOSTNAME of the PC contains a shell command,
  the command will run every time you start a terminal, tty or xterm.

  The command will also be executed every time you type in some command.
  If you, for example, change the directory, it will run again.
  Exploit demo:

  1) edit "/etc/hosts"  to this :     localhost      `ls>bug`

  2) edit "/etc/hostname" to this :


  3) reboot

  4) start a terminal

  5) Now a file with the name "bug" will be in your home folder!

  6) Change the directory to Downloads with "cd Downloads/"

  7) Now a file with the name "bug" is in your Downloads!

  8) Remove the file with "rm bug"

  9) The file "bug" is still there!

  Have a look at the screenshot I have attached.

  The hostname should be checked if there are shell commands inside!!

  By the way:
  The hostname is not always in the hands of root.
  Some people rent "vservers" and the hostname is in the hands of the ISP.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: bash 4.3-14ubuntu1
  ProcVersionSignature: Ubuntu 4.2.0-15.18-generic 4.2.3
  Uname: Linux 4.2.0-15-generic x86_64
  ApportVersion: 2.19.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Oct 16 22:31:46 2015
  InstallationDate: Installed on 2015-10-09 (6 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009)
  SourcePackage: bash
  UpgradeStatus: No upgrade log present (probably fresh install)
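
The report asks that the hostname be checked for shell commands. One way to audit that, as an added example that is not part of the original report or of bash: a POSIX sh check that accepts only RFC 1123 hostnames, so backticks, `$`, `>` and whitespace are rejected. The function names `hostname_is_safe` and `audit_hostname_file` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a hostname value so that
# only RFC 1123 names (letters, digits, '-' and '.') are accepted.

# hostname_is_safe NAME -> status 0 if NAME is a valid hostname, 1 otherwise.
# The body runs in a subshell so the locale change does not leak out.
hostname_is_safe() (
    LC_ALL=C                      # make A-Z / a-z ranges byte-exact
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    case $name in
        # Anything outside the allowed set: backtick, '$', '(', '>', ';',
        # '|', whitespace and so on.
        *[!A-Za-z0-9.-]*) return 1 ;;
        # Empty labels (leading, trailing or doubled dot).
        .*|*.|*..*) return 1 ;;
        # Labels that start or end with a hyphen.
        -*|*-|*.-*|*-.*) return 1 ;;
    esac
    # Every dot-separated label must be at most 63 characters long.
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        [ "${#label}" -le 63 ] || return 1
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
    done
    return 0
)

# audit_hostname_file [FILE] -> checks the first line of FILE
# (default /etc/hostname). Status: 0 clean, 1 suspect, 2 unreadable.
audit_hostname_file() {
    file=${1:-/etc/hostname}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    value=
    IFS= read -r value < "$file" || :
    if hostname_is_safe "$value"; then
        echo "OK: $file"
    else
        echo "SUSPECT: $file does not hold an RFC 1123 hostname"
        return 1
    fi
}
```

Run `audit_hostname_file` with no argument to check `/etc/hostname`; on hosts where the name is set by a provider, the same check can be applied to the output of `hostname` before it is trusted in a prompt.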
