Re: Potential vulnerabilities in BASH 4.3

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential vulnerabilities in BASH 4.3

From:	Chet Ramey
Subject:	Re: Potential vulnerabilities in BASH 4.3
Date:	Tue, 12 Aug 2014 09:04:39 -0400
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 8/11/14, 3:07 PM, Hádrian R wrote:
> Hi, I'm Hádrien Romero Soria - @Kaiwaiata, I am a 16 year old boy,
> passionate about computer security, since more than 8h searching and
> finding various possible vulnerabilities in source code of bash..
> I will tell you one vulnerability now, if they treat me well I will tell
> the other..
> 
> foolish or important things?
> 
> unsafe use of *strcpy():*
> 
> bash-4.3.tar\bash-4.3\lib\sh\unicode.c:
> *line 87: *strcpy (charsetbuf, locale);

Thanks for the report.  This is a potential vulnerability if the value of
the LC_CTYPE variable is longer than 40 characters.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

Potential vulnerabilities in BASH 4.3, Hádrian R, 2014/08/11
- Re: Potential vulnerabilities in BASH 4.3, Mike Frysinger, 2014/08/11
- Re: Potential vulnerabilities in BASH 4.3, Chet Ramey <=
  - Re: Potential vulnerabilities in BASH 4.3, Chet Ramey, 2014/08/12

Prev by Date: Re: Potential vulnerabilities in BASH 4.3
Next by Date: Re: Segmentation fault bash 4.3.022
Previous by thread: Re: Potential vulnerabilities in BASH 4.3
Next by thread: Re: Potential vulnerabilities in BASH 4.3
Index(es):
- Date
- Thread