Date: Mon, 13 Apr 2015 10:17:27 -0500
From: Mark Felder <feld@...d.me>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: freebsd/sh stack overflow vulnerability



On Tue, Mar 31, 2015, at 05:42, wzt wzt wrote:
> Hi:
>     I found that sh has a stack overflow bug on FreeBSD (9.0-10.0). It may
> be triggered on all FreeBSD systems, but I have not tested yet. The PoC
> below is tested on FreeBSD 10.0 amd64 arch:
> 

I brought this to the attention of jilles@, the current sh(1) maintainer
in FreeBSD. He responded:

"Since unset command is equivalent to unset -v command in our sh, this
is equivalent to sh -c 'f() { f; }; f', and not a vulnerability."
