Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh - Multiple DoS Vulnerabilities

X-seq: zsh-workers 44282
From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
To: David Wells <bughunters@xxxxxxxxxxx>
Subject: Re: Zsh - Multiple DoS Vulnerabilities
Date: Fri, 10 May 2019 09:37:15 -0700
Cc: "zsh-workers@xxxxxxx" <zsh-workers@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BhfJ+6rw12FLzVFe0pHrE7RLLHvZVrTtoXktFc+dRR8=; b=qctaylrt2jcrLjOu1YhPpR9oMshcHPbEkibdSBUM0rrcZdOGj0aubP7auoU6M6/MHl Bl/hTbVsP9XVXXKlFTzW1lUF7iJl6PLzJDbgZ7nTIYPCtVDCFcUxzzeTTW1cCsOp28H5 tdxMafKSExdlEVkPqHyw2Yn/ahLWQUJXC2DSzGSZXokWuOD1cPGri+stubn9/AnVbPRJ IARg4aXCxPlCjMil82Paow6sDtYFVEOmtwTk5+GN4cxVH8pJt4CzdJjmtvwQaFyNkj7t lcxJUqrmud91oLhAtF78ahsGF/ia8hslmEhjhhW2Wt3YLNBNK/30OsRMc4l8KUIuas/R 2UKg==
In-reply-to: <CAAOKOsfSAR5aRBvEcyQKRzDCvOgRJdyRvVb9AXMq6d22RaUozQ@mail.gmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAAOKOsfSAR5aRBvEcyQKRzDCvOgRJdyRvVb9AXMq6d22RaUozQ@mail.gmail.com>

It would be helpful if you could explain how this would be exploited
by someone who is not already able to cause the zsh user to execute
some other arbitrary commands.  What's the point of crashing
somebody's shell if you can instead make it remove all their files or
email you their private ssh keys or something?

Follow-Ups:
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Stephane Chazelas

References:
- Zsh - Multiple DoS Vulnerabilities
  - From: David Wells

Messages sorted by: Reverse Date, Date, Thread, Author