Message-Id: <1428938247.1254338.253090497.164C53F0@webmail.messagingengine.com>
Date: Mon, 13 Apr 2015 10:17:27 -0500
From: Mark Felder <feld@...d.me>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: freebsd/sh stack overflow vulnerability

On Tue, Mar 31, 2015, at 05:42, wzt wzt wrote:
> Hi:
> I found sh has a stack overflow bug on FreeBSD (9.0-10.0). It may be
> triggered on all FreeBSD systems, but I have not tested yet. The PoC
> below is tested on FreeBSD 10.0 amd64 arch:
>

I brought this to the attention of jilles@, the current sh(1) maintainer
in FreeBSD. He responded:

"Since unset command is equivalent to unset -v command in our sh, this
is equivalent to sh -c 'f() { f; }; f', and not a vulnerability."