Re: Security Vulnerability

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Vulnerability

From:	Andreas Schwab
Subject:	Re: Security Vulnerability
Date:	Sun, 07 Feb 2016 14:32:25 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.0.90 (gnu/linux)

Rakesh Mane <rakeshmane12345@gmail.com> writes:

> In real life, if an attacker founds a command injection vulnerability in
> some system then he can use this flaw to bypass filters or waf's by simply
> uploading a file having a command as filename (example: reboot) and then by
> sending "*" as command.

Sending arbitrary commands to a shell is a security bug, but not a bug
in the shell which is working as designed.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

[Prev in Thread]

Current Thread

[Next in Thread]

Security Vulnerability, Rakesh Mane, 2016/02/07
- Re: Security Vulnerability, Andreas Schwab <=
- Re: Security Vulnerability, Ángel González, 2016/02/07

Prev by Date: Security Vulnerability
Next by Date: Re: Security Vulnerability
Previous by thread: Security Vulnerability
Next by thread: Re: Security Vulnerability
Index(es):
- Date
- Thread