Date: Wed, 24 Sep 2014 09:23:10 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: oss-security@...ts.openwall.com Cc: chet.ramey@...e.edu Subject: Re: CVE-2014-6271: remote code execution through bash Note that on Linux systems where /bin/sh is symlinked to /bin/bash, any popen() / system() calls from within languages such as PHP would be of concern due to the ability to control HTTP_* in the env. /mz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ