[RndTbl] bash + procmail vulnerabilities

Trevor Cordes trevor at tecnopolis.ca
Thu Sep 25 06:02:30 CDT 2014


Wonderful, another day, another big bad security hole... or two.

Run your patches!

First up: bash:
$ env x='() { :;}; echo OOPS' bash -c /usr/sbin/nologin
OOPS
This account is currently not available.

http://www.openwall.com/lists/oss-security/2014/09/24/10

claims:

> In many common configurations, this vulnerability is exploitable over
> the network.

I'm trying to guess how?  In what instance is some program allowing
network vectors to set env vars, especially without sterilization?  Or
do I not want to know...

Next up, procmail has a formail buffer overflow that may or may not
allow arb code exec CVE-2014-3618.  Many stock procmail recipes use
formail.  It's easy to see how this one is remotely exploitable.


More information about the Roundtable mailing list