a few weeks ago we found a vulnerability in GNU/bash path completion feature.
The bug has already been fixed by Chet Ramey; the most used Linux distributions in productions have not been vulnerable.
Unluckily, we were not able to reach the CVE people, but since the bug has already been fixed, more than two weeks ago, we decided to publish the small report anyways.
a few weeks ago we found a vulnerability in GNU/bash path completion feature.
The bug has already been fixed by Chet Ramey; the most used Linux distributions in productions have not been vulnerable.
Unluckily, we were not able to reach the CVE people, but since the bug has already been fixed, more than two weeks ago, we decided to publish the small report anyways.
Jens Heyens
<jens.heyens@cispa.saarland>
CISPA <https://cispa.saarland/>
Related Reddit thread: https://www.reddit.com/r/security/comments/5slvtu/how_do_i_r...