View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000536 | Kali Linux | General Bug | public | 2013-08-22 20:50 | 2018-01-29 11:11 |
Reporter | compuwar | Assigned To | g0tmi1k | ||
Priority | normal | Severity | feature | Reproducibility | always |
Status | closed | Resolution | suspended | ||
Platform | All | OS | All | OS Version | All |
Summary | 0000536: Debian default shell security issue | ||||
Description | By default, Debian links /bin/sh to /bin/dash as its default shell. This shell is vulnerable to set-uid exploits as described here: http://blog.cmpxchg8b.com/2013/08/security-debianisms.html (Sample uses VMware as an example.) Fix:
a. Issue the command: dpkg-reconfigure dash. | ||||
Steps To Reproduce | Follow above links to see. | ||||
Additional Information | Initially marking as private - not earth-shattering, but it's a possible priv. escalation on current systems, please feel free to switch status to public. Yes, I know we're all running as root anyway, and the attack surface is small, but I'm erring on the side of caution. | ||||
As a first step, I filed two bugs on the Debian BTS against bash and dash: Because it seems to me that this issue needs to be solved at the Debian level and not only at the Kali level. |
|
The proposed patches from the mailing list thread can be found here: |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2013-08-22 20:50 | compuwar | New Issue | |
2014-01-10 14:42 | rhertzog | Note Added: 0001326 | |
2014-01-10 14:43 | rhertzog | Priority | immediate => normal |
2014-01-10 14:43 | rhertzog | Severity | block => feature |
2014-01-10 14:46 | dookie | Note Added: 0001327 | |
2014-01-10 14:47 | rhertzog | Description Updated | |
2014-01-10 14:48 | rhertzog | Relationship added | related to 0000540 |
2014-01-10 14:49 | rhertzog | View Status | private => public |
2018-01-29 11:11 | g0tmi1k | Assigned To | => g0tmi1k |
2018-01-29 11:11 | g0tmi1k | Status | new => closed |
2018-01-29 11:11 | g0tmi1k | Resolution | open => suspended |