[RndTbl] bash + procmail vulnerabilities

Trevor Cordes trevor at tecnopolis.ca
Thu Sep 25 06:02:30 CDT 2014

Wonderful, another day, another big bad security hole... or two.

Run your patches!

First up: bash:
$ env x='() { :;}; echo OOPS' bash -c /usr/sbin/nologin
This account is currently not available.



> In many common configurations, this vulnerability is exploitable over
> the network.

I'm trying to guess how?  In what instance is some program allowing
network vectors to set env vars, especially without sterilization?  Or
do I not want to know...

Next up, procmail has a formail buffer overflow that may or may not
allow arb code exec (CVE-2014-3618).  Many stock procmail recipes use
formail.  It's easy to see how this one is remotely exploitable.
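
The env-var sanitization the post asks about, sketched as an added example (not part of the original message). It assumes the unpatched-bash behaviour the test command above relies on: a variable whose value begins with "() {" is imported as a function definition. The names funcdef_env_names and run_scrubbed are hypothetical.

```shell
#!/bin/sh
# Added example: find and strip environment variables whose value starts
# with the "() {" prefix that an unpatched bash parses as a function.

# Print the names of exported variables whose value begins with "() {".
# Only plain identifier names are reported; patched bash exports real
# functions under BASH_FUNC_* names that are not valid identifiers, so
# those are left alone.
funcdef_env_names() {
    awk 'BEGIN {
        for (k in ENVIRON)
            if (k ~ /^[A-Za-z_][A-Za-z0-9_]*$/ && index(ENVIRON[k], "() {") == 1)
                print k
    }' </dev/null
}

# Run a command with those variables removed from its environment.
# The subshell keeps the caller's own environment untouched.
run_scrubbed() {
    (
        for name in $(funcdef_env_names); do
            unset "$name"
        done
        exec "$@"
    )
}

# Constructed usage, reusing the value from the post's test command:
#   x='() { :;}; echo OOPS'; export x
#   funcdef_env_names            # lists x
#   run_scrubbed bash -c 'true'  # bash starts without x in its environment
```

Scrubbing only narrows what reaches bash; it does not replace the patch.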
