Potential vulnerabilities in BASH 4.3
From: Hádrian R
Subject: Potential vulnerabilities in BASH 4.3
Date: Mon, 11 Aug 2014 21:07:06 +0200

Hi, I'm Hádrien Romero Soria - @Kaiwaiata. I am a 16-year-old boy,
passionate about computer security. I have spent more than 8h searching and
finding various possible vulnerabilities in the source code of bash.
I will tell you one vulnerability now, if they treat me well I will tell
the other..
foolish or important things?
unsafe use of *strcpy():*
bash-4.3.tar\bash-4.3\lib\sh\unicode.c:
*line 87: *strcpy (charsetbuf, locale);
*#* If an attacker manages to take control of *charsetbuf[40];*, it may cause
a buffer overflow, which would be directed toward *.bss*. It's not too
dangerous, but it is a vulnerability.
I hope for an answer, thanks a lot!
HádrienR - kaiwaiata.
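
Added example, not part of the original message and not bash's own code: a length-checked copy into a 40-byte static buffer like the `charsetbuf[40]` the message refers to, which refuses an over-long name instead of writing past the buffer. The helper name `copy_charset` and the "ASCII" fallback value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CHARSETBUF_SIZE 40   /* size quoted in the message: charsetbuf[40] */

static char charsetbuf[CHARSETBUF_SIZE];

/*
 * Hypothetical helper: copy a locale/charset name into a fixed buffer.
 * Returns 0 on success. Returns -1 if src is NULL or does not fit
 * (including its terminating NUL); dst then holds the assumed
 * fallback "ASCII" rather than a truncated or overflowing copy.
 */
static int copy_charset(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || dstsize < sizeof "ASCII")
        return -1;                       /* buffer cannot hold the fallback */

    if (src == NULL || (len = strlen(src)) >= dstsize) {
        memcpy(dst, "ASCII", sizeof "ASCII");
        return -1;                       /* rejected: would not fit */
    }

    memcpy(dst, src, len + 1);           /* len + 1 <= dstsize, NUL included */
    return 0;
}

int main(void)
{
    /* Constructed inputs: an ordinary locale name and a 60-byte name. */
    char longname[61];
    int rc;

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    rc = copy_charset(charsetbuf, sizeof charsetbuf, "en_US.UTF-8");
    printf("rc=%d buf=%s\n", rc, charsetbuf);

    rc = copy_charset(charsetbuf, sizeof charsetbuf, longname);
    printf("rc=%d buf=%s\n", rc, charsetbuf);
    return 0;
}
```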