[Novalug] Novalug] Mac and bash vulnerability bug

John Warren jpwarren00@gmail.com
Thu Sep 25 17:42:10 EDT 2014


For web servers a crafty user could get the same access as the web server, which is bad enough.  A determined user might be able to find privilege escalation from there.

On September 25, 2014, at 5:37PM, "Don E. Groves, Jr. via Novalug" wrote:

Yes I have a Mac with latest patches applied.

And
   env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Output is:
    vulnerable
    this is a test

Could a crafty user get 'root' or do other damage? I don't know

-- 
 djr


On Thu, Sep 25, 2014 at 1:03 PM, Bonnie Dalzell via Novalug <
novalug@firemountain.net> wrote:

>
>
> anyone there into macs?
>
> --
--
Don E. Groves, Jr.

Tag it's your turn now... ... ....
**********************************************************************
The Novalug mailing list is hosted by firemountain.net.

To unsubscribe or change delivery options:
http://www.firemountain.net/mailman/listinfo/novalug




More information about the Novalug mailing list