bash
Page content
- Author: kikadf
- Vulnerable: 4.2_045-5arcturus2
- Unaffected: 4.2_053-1arcturus1
Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code.