bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Vulnerability


From: Andreas Schwab
Subject: Re: Security Vulnerability
Date: Sun, 07 Feb 2016 14:32:25 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.90 (gnu/linux)

Rakesh Mane <address@hidden> writes:

> In real life, if an attacker founds a command injection vulnerability in
> some system then he can use this flaw to bypass filters or waf's by simply
> uploading a file having a command as filename (example: reboot) and then by
> sending "*" as command.

Sending arbitrary commands to a shell is a security bug, but not a bug
in the shell which is working as designed.

Andreas.

-- 
Andreas Schwab, address@hidden
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."



reply via email to

[Prev in Thread] Current Thread [Next in Thread]