bug-bash

Potential vulnerabilities in BASH 4.3


From: Hádrian R
Subject: Potential vulnerabilities in BASH 4.3
Date: Mon, 11 Aug 2014 21:07:06 +0200

Hi, I'm Hádrien Romero Soria - @Kaiwaiata. I am a 16-year-old boy,
passionate about computer security. I have spent more than 8h searching and
finding various possible vulnerabilities in the source code of bash.
I will tell you one vulnerability now; if they treat me well I will tell
the others.

Foolish or important things?

Unsafe use of strcpy():

bash-4.3.tar\bash-4.3\lib\sh\unicode.c:
line 87: strcpy (charsetbuf, locale);

# If an attacker manages to take control of charsetbuf[40];, it may cause
a buffer overflow, which would be directed toward .bss. It's not too
dangerous but it is a vulnerability.

I hope for an answer, thanks a lot!
HádrienR - kaiwaiata.
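
The pattern reported above, as an added example that is not part of the original message or of bash's source: a length-checked copy into a 40-byte buffer like the charsetbuf quoted in the post, plus a helper that shows how far an unbounded copy would run past it. The names set_charset and overflow_bytes, the "ASCII" fallback and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CHARSETBUF_SIZE 40          /* size quoted in the post: charsetbuf[40] */

char charsetbuf[CHARSETBUF_SIZE];

/* Bytes an unbounded strcpy(charsetbuf, locale) would write past the end
   of the buffer (0 when the string and its NUL terminator fit). */
size_t overflow_bytes(const char *locale)
{
    size_t need = strlen(locale) + 1;           /* characters plus NUL */
    return need > sizeof charsetbuf ? need - sizeof charsetbuf : 0;
}

/* Hypothetical bounded replacement for the reported call.
   Returns 0 when locale was copied, -1 when it was NULL or too long;
   on -1 the buffer holds "ASCII" (fallback chosen for this example). */
int set_charset(const char *locale)
{
    size_t len;

    if (locale == NULL || (len = strlen(locale)) >= sizeof charsetbuf) {
        memcpy(charsetbuf, "ASCII", sizeof "ASCII");
        return -1;
    }
    memcpy(charsetbuf, locale, len + 1);        /* length already checked */
    return 0;
}

int main(void)
{
    /* Constructed inputs: a normal locale name and a 64-character one. */
    char big[65];
    const char *samples[2] = { "en_US.UTF-8", big };

    memset(big, 'A', 64);
    big[64] = '\0';

    for (int i = 0; i < 2; i++) {
        int rc = set_charset(samples[i]);
        printf("len=%zu overflow=%zu rc=%d buf=%s\n", strlen(samples[i]),
               overflow_bytes(samples[i]), rc, charsetbuf);
    }
    return 0;
}
```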

