[v3.0] bash: security feature bypassed
A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
(from redmine: issue id 2994, created on 2014-06-05, closed on 2014-06-19)
- Relations:
- parent #2990 (closed)
- Changesets:
- Revision 47505bf1 by Natanael Copa on 2014-06-17T11:55:37Z:
main/bash: fix setuid bug
ref #2990
fixes #2994
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)