|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2014-09-24 20:13:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
A remotely exploitable hole in bash
The bash shell has a vulnerability in its environment variable processing
that could be remotely exploited in some situations — with CGI scripts
being at the top of the list. "The fact that an environment variable with an arbitrary name can be
used as a carrier for a malicious function definition containing
trailing commands makes this vulnerability particularly severe; it
enables network-based exploitation."
The problem was disclosed (a little) prematurely, so
updates are still coming in from the distributors.
The bash shell has a vulnerability in its environment variable processing
that could be remotely exploited in some situations — with CGI scripts
being at the top of the list. "The fact that an environment variable with an arbitrary name can be
used as a carrier for a malicious function definition containing
trailing commands makes this vulnerability particularly severe; it
enables network-based exploitation."
The problem was disclosed (a little) prematurely, so
updates are still coming in from the distributors.
