bug-bash

Re: I think I may have found a possible dos attack vector within bash.


From: Stephane Chazelas
Subject: Re: I think I may have found a possible dos attack vector within bash.
Date: Tue, 20 Mar 2012 18:17:30 +0000
User-agent: Mutt/1.5.21 (2010-09-15)

2012-03-20 16:47:51 +0000, Eamonn Smyth:
> Without sounding alarmist, I can break my machine using bash. I also have a
> fix. I shall be officially releasing the c code this weekend at the
> hackathon london.
[...]

A DOS vector often found in bash *scripts* is when a script
takes user input in a variable and that variable is left
unquoted upon expansion in list contexts.

For instance this CGI script which looks harmless at first
glance:

#! /bin/bash -
q=$QUERYSTRING
printf '%s\r\n' "Content-type: text/plain" ""
if echo $q | grep ...; then
  echo "Invalid input"
fi

Try with values of $QUERYSTRING like
/*/*/*/../../../*/*/*/../../../*/*/*/../../../*/*/*

(beware it might cause your computer to crash)

-- 
Stephane
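
The split+glob behaviour described in the message above, shown next to the quoted form, as an added example that is not part of the original post. It counts how many words one variable expands to inside a throwaway directory with three empty subdirectories; the function names and the sandbox layout are constructed for the demo.

```shell
#!/bin/sh -
# Constructed demo: how many words does one untrusted value become when it is
# expanded in list context? Uses only a temporary directory created below.

count_unquoted() {   # $1 expanded WITHOUT quotes: word splitting + globbing
  val=$1
  set -- $val        # same list-context expansion as `echo $q` in the script
  echo "$#"
}

count_quoted() {     # hardened form: quoted, so the value stays one word
  val=$1
  set -- "$val"
  echo "$#"
}

count_noglob() {     # alternative: splitting kept, pathname expansion disabled
  val=$1
  set -f
  set -- $val
  set +f
  echo "$#"
}

demo() {
  sandbox=$(mktemp -d) || return 1
  mkdir "$sandbox/a" "$sandbox/b" "$sandbox/c"
  (
    cd "$sandbox" || exit 1
    # Each extra "*/../" segment multiplies the match count by the number
    # of directory entries: 3, 9, 27 here.
    for q in '*' '*/../*' '*/../*/../*'; do
      printf '%-14s unquoted=%s quoted=%s noglob=%s\n' "$q" \
        "$(count_unquoted "$q")" "$(count_quoted "$q")" "$(count_noglob "$q")"
    done
  )
  rm -rf "$sandbox"
}

demo
```

In the CGI script, the corresponding change is to expand the variable as "$q" and to pass it with printf '%s\n' "$q" rather than echo.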





