bash: security feature bypassed
A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
(from redmine: issue id 2990, created on 2014-06-05, closed on 2014-06-19)
- Relations:
- child #2991 (closed)
- child #2992 (closed)
- child #2993 (closed)
- child #2994 (closed)
- Changesets:
- Revision 15eb9878 by Natanael Copa on 2014-06-05T10:55:05Z:
main/bash: fix setuid bug
ref #2990
- Revision 3e589033 by Natanael Copa on 2014-06-17T11:55:11Z:
main/bash: fix setuid bug
ref #2990
fixes #2993
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
- Revision 47505bf1 by Natanael Copa on 2014-06-17T11:55:37Z:
main/bash: fix setuid bug
ref #2990
fixes #2994
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
- Revision 883b411c by Natanael Copa on 2014-06-17T11:57:19Z:
main/bash: fix setuid bug
ref #2990
fixes #2992
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
- Revision 53d049ee by Natanael Copa on 2014-06-17T12:01:39Z:
main/bash: fix setuid bug
ref #2990
fixes #2991
(cherry picked from commit 883b411c85593d30f2296a157a733aa799c32828)
Conflicts:
main/bash/APKBUILD