Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash

X-seq: zsh-workers 33232
From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
To: Frank Terbeck <ft@xxxxxxxxxxxxxxxxxxx>, Zsh Hackers' List <zsh-workers@xxxxxxx>
Subject: Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
Date: Wed, 24 Sep 2014 16:01:19 +0100
In-reply-to: <87fvfhvzl9.fsf@ft.bewatermyfriend.org>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
Organization: Samsung Cambridge Solution Centre
References: <CAJ1KOAjyBjbywavXwa+ejjQD1YjK8eCSGaESYhJxCb1e3KPjFg@mail.gmail.com> <87fvfhvzl9.fsf@ft.bewatermyfriend.org>

On Wed, 24 Sep 2014 16:54:10 +0200
Frank Terbeck <ft@xxxxxxxxxxxxxxxxxxx> wrote:
> Bash has this weird feature, where you can "export functions". I suspect
> that's what's happening here. Zsh doesn't have this feature. Thankfully.

I was going to suggest the same.  Can anyone less lazy / busy [pick
whatever you think] than me confirm for sure?  Be nice to know.

Cheers
pws

Follow-Ups:
- Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
  - From: Jérémie Roquet
- Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
  - From: Frank Terbeck

References:
- zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
  - From: İsmail Dönmez
- Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
  - From: Frank Terbeck

Messages sorted by: Reverse Date, Date, Thread, Author