Date: Mon, 13 Apr 2015 10:17:27 -0500
From: Mark Felder <feld@...d.me>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: freebsd/sh stack overflow vulnerability



On Tue, Mar 31, 2015, at 05:42, wzt wzt wrote:
> Hi:
>     I found sh has a stack overflow bug on FreeBSD (9.0-10.0); it may be
> triggered on all FreeBSD systems, but I have not tested yet. The PoC below
> is tested on FreeBSD 10.0 amd64 arch:
> 

I brought this to the attention of jilles@, the current sh(1) maintainer
in FreeBSD. He responded:

"Since unset command is equivalent to unset -v command in our sh, this
is equivalent to sh -c 'f() { f; }; f', and not a vulnerability."
