by timv
4288 days ago
As best I can tell no one has (publicly) demonstrated a mechanism to turn this into an RCE (despite efforts to do so). http://seclists.org/oss-sec/2014/q3/679 Of course, that doesn't mean there isn't one. It's clearly a reasonably significant issue - the setting of environment variables can cause unintended file system writes (and the same parsing bug can be used for reads) - and you're better off assuming that someone will determine an exploit based on it.