<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">I&#39;m trying to guess how?  In what instance is some program allowing<br></span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">network vectors to set env vars, especially without sterilization?  Or<br></span><span style="font-family:arial,sans-serif;font-size:12.7272720336914px">do I not want to know...</span></blockquote><div><br></div>My guess would be anything attached to a web server -- CGI, dynamic apps that shell out to stuff like imagemagick, etc. Headers are passed through to the script: HTTP_REFERER, USER_AGENT, and so forth.<div><br></div><div>Sean</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 25, 2014 at 6:02 AM, Trevor Cordes <span dir="ltr">&lt;<a href="mailto:trevor@tecnopolis.ca" target="_blank">trevor@tecnopolis.ca</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Wonderful, another day, another big bad security hole... or two.<br>
<br>
Run your patches!<br>
<br>
First up: bash:<br>
$ env x=&#39;() { :;}; echo OOPS&#39; bash -c /usr/sbin/nologin<br>
OOPS<br>
This account is currently not available.<br>
<br>
<a href="http://www.openwall.com/lists/oss-security/2014/09/24/10" target="_blank">http://www.openwall.com/lists/oss-security/2014/09/24/10</a><br>
<br>
claims:<br>
<br>
&gt; In many common configurations, this vulnerability is exploitable over<br>
&gt; the network.<br>
<br>
I&#39;m trying to guess how?  In what instance is some program allowing<br>
network vectors to set env vars, especially without sterilization?  Or<br>
do I not want to know...<br>
<br>
Next up, procmail has a formail buffer overflow that may or may not<br>
allow arb code exec CVE-2014-3618.  Many stock procmail recipes use<br>
formail.  It&#39;s easy to see how this one is remotely exploitable.<br>
_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Sean Walberg &lt;<a href="mailto:sean@ertw.com" target="_blank">sean@ertw.com</a>&gt;    <a href="http://ertw.com/" target="_blank">http://ertw.com/</a>
</div>
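Added example, not part of the original thread: a sketch of the header-to-environment mapping a CGI server performs (RFC 3875), plus a check that flags and drops values starting with the `() {` prefix seen in the test command quoted above. The function names and the sample requests are constructed for illustration.

```python
import re

# Prefix of the test value quoted in the message above; written loosely
# (optional whitespace) so the check over-matches rather than under-matches.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

def cgi_environ(headers):
    """Map request headers to CGI meta-variables (RFC 3875, section 4.1.18)."""
    env = {}
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        # Content-Type and Content-Length get their own variables, no HTTP_ prefix.
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key
        env[key] = value
    return env

def flagged(env):
    """Names of variables whose value starts like a bash function definition."""
    return sorted(k for k, v in env.items() if FUNC_PREFIX.match(v))

def scrub(env):
    """Copy of env without the flagged variables, for use before shelling out."""
    bad = set(flagged(env))
    return {k: v for k, v in env.items() if k not in bad}

# Constructed sample requests (headers only); not taken from any real log.
SAMPLES = [
    {"Host": "www.example.org", "User-Agent": "Mozilla/5.0",
     "Referer": "http://example.org/"},
    {"Host": "www.example.org", "User-Agent": "() { :;}; echo OOPS"},
]

if __name__ == "__main__":
    for i, headers in enumerate(SAMPLES):
        env = cgi_environ(headers)
        print(i, flagged(env) or "clean", sorted(scrub(env)))
```

Filtering like this is a stopgap for hosts that cannot be patched immediately; the client still controls every HTTP_* value that reaches the script.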