Please Visit: http://ift.tt/1ajReyV
from Public RSS-Feed of Jeffery yuan. Created with the PIXELMECHANICS 'GPlusRSS-Webtool' at http://gplusrss.com http://ift.tt/1NeEgJi
via LifeLong Community
ShellShock: All you need to know about the Bash Bug vulnerability
http://ift.tt/ZR4DAQ
http://ift.tt/1DAcDW9
http://ift.tt/1001eQi
http://ift.tt/1xinRgq
http://ift.tt/1AOKwhy
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
export foo='() { echo "Inside function" ; }; echo "unexpected code"'
bash -c 'echo hello'
Note that the echo outside the function definition has been unexpectedly executed during Bash startup. The function definition is just a step to get the evaluation and exploit to happen; the function definition itself and the environment variable used are arbitrary. The shell looks at the environment variables, sees foo, whose value looks like it meets the constraints the shell knows for a function definition, and evaluates the line, unintentionally also executing the echo (which could be any command, malicious or not).
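The pattern described above, turned into a small defensive classifier as an added example (not part of the original post): it flags NAME=VALUE pairs whose value starts with the "() {" prefix and reports whether anything follows the function body. The function names and the sample input are constructed for illustration, and treating text after the last "}" as trailing code is a heuristic assumption.

```shell
#!/bin/sh
# Added example, not from the original post.
# Heuristic assumption: a plain exported function ends at its closing brace,
# so any text after the last "}" is reported as trailing code.

# classify_value VALUE -> prints "plain", "function" or "function+trailing"
classify_value() {
    case $1 in
        '() {'*) ;;                       # prefix the shell reads as a function definition
        *) printf 'plain\n'; return 0 ;;
    esac
    brace='}'
    rest=${1##*"$brace"}                  # text after the last closing brace
    # Drop whitespace and separators; whatever is left is extra code.
    # A value with no closing brace at all also ends up here.
    rest=$(printf '%s' "$rest" | tr -d ' \t\n;')
    if [ -n "$rest" ]; then
        printf 'function+trailing\n'
    else
        printf 'function\n'
    fi
}

# scan_env: reads NAME=VALUE lines on stdin, prints NAME<TAB>verdict
# for every value that has the function-definition shape.
scan_env() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *=*) ;;
            *) continue ;;                # not a NAME=VALUE line
        esac
        name=${line%%=*}
        verdict=$(classify_value "${line#*=}")
        [ "$verdict" = plain ] || printf '%s\t%s\n' "$name" "$verdict"
    done
}

# Constructed sample input; x and foo carry the two values shown on this page.
sample_env() {
    cat <<'EOF'
HOME=/home/user
x=() { :;}; echo vulnerable
foo=() { echo "Inside function" ; }; echo "unexpected code"
greet=() { echo hi; }
EOF
}

sample_env | scan_env
```

The scanner reads one pair per line, so values that span several lines need to be split by other means before they are passed in.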