[GRLUG] CVE-2014-6271

Mark Farver mfarver at mindbent.org
Thu Sep 25 10:37:47 EDT 2014


If an attacker has remote control of environment variables, think of the
damage that can be done with LD_LIBRARY_PATH.  Upload a file to a harmless
path on a webserver and use the library path to link it into an executable
running in a CGI env.  Instant remote code execution.

Many applications have buffer overflows in environment handling.  Remote
code execution or denial of service.

Basically, environment variables are not terribly secure and have not
received a lot of security analysis.  If you let an attacker control them
for a process running as another user, there are probably vectors there.

Mark
On Sep 25, 2014 8:55 AM, "Michael Mol" <mikemol at gmail.com> wrote:

> On Thu, Sep 25, 2014 at 8:16 AM, Adam Tauno Williams
> <awilliam at whitemice.org> wrote:
> > On Wed, 2014-09-24 at 15:08 -0400, Mark Farver wrote:
> >> I think it is a stretch to label this remotely exploitable.
> >
> > Ditto.  This is a theoretical exploit of a system that has issues.
>
> I'd like to hear your explanation of this. Why would a system have to
> have "issues" for this to be exploitable? (Outside of the obvious that
> it's running a vulnerable version of bash.)
>
> --
> :wq
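The two env-var risks raised in this thread, a bash function-definition prefix arriving in a CGI variable (CVE-2014-6271) and loader variables such as LD_LIBRARY_PATH being attacker-controlled, can both be checked before a CGI handler hands its environment to a child process. The example below is added here and is not code from the thread; the `SAMPLE_ENV` dictionary, the `find_suspicious`/`sanitize_cgi_env` helpers and the list of loader variables are assumptions for illustration.

```python
import re
from typing import Dict, List, Tuple

# Pre-fix bash imports any environment value that starts with "() {" as a
# function definition; that prefix is the CVE-2014-6271 trigger. The regex is
# deliberately a little broader than bash's exact check so it also catches
# whitespace variants in detection logs.
FUNC_PREFIX_RE = re.compile(r"^\s*\(\)\s*\{")

# Dynamic-loader variables that must never reach a CGI child from a request
# (the LD_LIBRARY_PATH point made above). Assumed list for this example.
LOADER_VARS = ("LD_LIBRARY_PATH", "LD_PRELOAD", "LD_AUDIT")


def find_suspicious(env: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every variable that should not be exported
    to a CGI child: loader overrides and values carrying the function prefix."""
    hits = []
    for name, value in env.items():
        if name in LOADER_VARS:
            hits.append((name, "loader-variable"))
        elif FUNC_PREFIX_RE.match(value):
            hits.append((name, "function-prefix"))
    return sorted(hits)


def sanitize_cgi_env(env: Dict[str, str]) -> Dict[str, str]:
    """Build the environment a CGI child actually receives: loader variables
    removed and any value starting with "() {" dropped. This limits what an
    attacker can inject; it does not replace patching bash itself."""
    flagged = {name for name, _ in find_suspicious(env)}
    return {k: v for k, v in env.items() if k not in flagged}


# Constructed sample of what a web server would export for one request whose
# User-Agent header carries a function-definition prefix.
SAMPLE_ENV = {
    "REQUEST_METHOD": "GET",
    "QUERY_STRING": "id=1",
    "HTTP_HOST": "www.example.com",
    "HTTP_USER_AGENT": "() { :; }; echo injected",
    "LD_LIBRARY_PATH": "/var/www/uploads",
    "PATH": "/usr/bin:/bin",
}

if __name__ == "__main__":
    for name, reason in find_suspicious(SAMPLE_ENV):
        print(f"drop {name}: {reason}")
    print(sorted(sanitize_cgi_env(SAMPLE_ENV)))
```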