Date: Sat, 4 Oct 2014 15:15:00 +0100 From: Steve Jones <trevd1234@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) cd.textfiles.com and archive.org both have a collection of shareware cd images of a stripes from around that era. They're probably worth a look. The GNU bulletins may serve as another useful historical artifact. http://www.gnu.org/bulletins/ Bulletin 7 has the bash beta announce and each issue has a list of ftp download sites. I expect most are dead but you get lucky I suspect the trail runs cold in this case due to the GNUFtp Hack incident of 2003 http://net-security.org/article.php?id=544 On 4 October 2014 14:22, Hanno Böck <hanno@...eck.de> wrote: > Am Sat, 4 Oct 2014 00:19:06 +0100 > schrieb Riot <rain.backnet@...il.com>: > >> We then worked further back in time, unearthing bash 1.08.2 on an >> ancient 1991 Atari ST image: >> http://images.rymate.co.uk/images/iwaSGPo.png This was also >> vulnerable. This version is relevant because the first version of >> bash ported to linux was bash 1.08 - here's the original post by >> Linus at the tender age of advertising his first build of linux on >> the minix newsgroup in 1991, explicitly mentioning bash 1.08. This >> datum told us that shellshock is older than all of linux, which makes >> for a nice soundbite for the press. >> >> Going back further proved very difficult because few archives >> including these early versions exist anywhere, and by all accounts >> the early releases were buggy and not particularly portable. We >> eventually managed to locate an image for an obscure Japanese >> Human68k containing bash 1.05. Here it identifies itself as bash >> 1.05 X6_19: http://images.rymate.co.uk/images/kH8VnTo.png The file >> is dated 12/08/1991... and of course it's vulnerable: >> http://images.rymate.co.uk/images/zTYm05I.png > > > Can you post the relevant download links to the atari st / 68k images > and other possibly interesting stuff? Or where they from private > archives? > > I think independently of current events this might be interesting for > people digging in IT history, so having them somewhere easy to find > would be nice. > > -- > Hanno Böck > http://hboeck.de/ > > mail/jabber: hanno@...eck.de > GPG: BBB51E42
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ