Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash

X-seq: zsh-workers 33233
From: Chet Ramey <chet.ramey@xxxxxxxx>
To: İsmail Dönmez <ismail@xxxxxxxxx>, "Zsh Hackers' List" <zsh-workers@xxxxxxx>
Subject: Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
Date: Wed, 24 Sep 2014 10:59:18 -0400
Cc: chet.ramey@xxxxxxxx
In-reply-to: <CAJ1KOAjyBjbywavXwa+ejjQD1YjK8eCSGaESYhJxCb1e3KPjFg@mail.gmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAJ1KOAjyBjbywavXwa+ejjQD1YjK8eCSGaESYhJxCb1e3KPjFg@mail.gmail.com>
Reply-to: chet.ramey@xxxxxxxx

On 9/24/14, 10:45 AM, İsmail Dönmez wrote:
> According to the vulnerability test in
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
> 
> [~]> echo $ZSH_VERSION
> 5.0.6
> 
> [~]> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> vulnerable
> this is a test
> 
> Looks like zsh is vulnerable too.

This doesn't mean zsh is vulnerable; only that it can be used to run `env'
to craft the environment variable.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@xxxxxxxx    http://cnswww.cns.cwru.edu/~chet/

References:
- zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash
  - From: İsmail Dönmez

Messages sorted by: Reverse Date, Date, Thread, Author