Wednesday, June 25, 2014

Back To The Future: Unix Wildcards Gone Wild

Hi,

We wanted to inform all major *nix distributions via our responsible
disclosure policy about this problem before posting it, because it is
highly likely that this problem could lead to local root access on many
distributions. But, since part of this research contained in the document
was mentioned on some blog entries, we are forced to release it in a
full version.


Download URL:
http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt

Regards,
Leon Juranic

25 comments:

  1. Is there any fix or workaround?

    ReplyDelete
  2. Wake/grow up guys: find -print0, xargs -r0, grep -Z, sort -z have been recomended with explicit mention of file/directory names starting with "-" within ALT Linux Secure Packaging Policy by Dmitry Levin back in 2001 or so.

    ReplyDelete
  3. Really nice post. Unix is a multiuser and multi tasking operating system at the same time. Unix Training in Chennai offering real time Unix course at reasonable cost.

    ReplyDelete
  4. Genuinely tolerable post. Unix is a multiuser and multi tasking working structure meanwhile. offering progressing Unix course at sensible cost.

    oracle dba training in chennai | hadoop training in chennai | dot net training in chennai

    ReplyDelete
  5. how ill use unix used in defense coding can you explain that
    http://www.thinkittraining.in/linux-training

    ReplyDelete
  6. Thank you for the useful post. It helps a lot in my training. I share your blog with my students. Keep posting more.
    Selenium Training in Chennai

    ReplyDelete
  7. Thanks for sharing this informative content that guided me to know the details about the training offered in different technology and has wide opportunities for exchange.
    Selenium Training in Chennai |HTML5 Training in Chennai | German Classes in Chennai

    ReplyDelete
  8. very informative blog. Helps to gain knowledge about new concepts and techniques. Thanks for posting information in this blog
    Dotnet Training in Chennai

    ReplyDelete
  9. Cool and nice blog very nice information are shared here .. iOS Training in Chennai

    ReplyDelete
  10. This is very nice and informative post thanks for sharing website design services

    ReplyDelete

  11. Thanks for this great information. That’s a awesome article you posted.
    I found the post very useful as well as interesting.

    Seo training in Chennai

    ReplyDelete
  12. nice about secutity..
    SEO training in hyderabad by experts in digital markeing And by prosessional experts in seo.All the training by placement and also guide by the professionals.SEO training in hyderabad

    ReplyDelete
  13. Pretty article! I found some useful information in your blog, it was awesome to read, thanks for sharing this great content to my vision, keep sharing.
    Regards,
    seo course in chennai

    ReplyDelete
  14. Great post. happy to visit your blog. Keep sharing such a useful post.

    web designing training in chennai

    ReplyDelete
  15. 100% Job Oriented R Programming Training In Chennai for more Information click tothe best java training in chennaijava training in chennai.

    ReplyDelete
  16. 100% Job Oriented R Programming Training In Chennai for more Information click tothe best dot-net training in Chennai dot-net training in Chennai.

    ReplyDelete
  17. • thank s for sharing the wonderful content with us.it helps us to know more shuttle services for their education services.
    oracle training in chennai

    ReplyDelete