GLSA-201511-01 : MirBSD Korn Shell: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201511-01 MirBSD Korn Shell: Arbitrary code execution Improper sanitation of environment import allows for appending of values to passed parameters. Impact : An attacker who already had access to the environment could so append...

MirBSD Korn Shell: Arbitrary code execution

Background MirBSD Korn Shell is an actively developed free implementation of the Korn Shell programming language and a successor to the Public Domain Korn Shell. Description Improper sanitation of environment import allows for appending of values to passed parameters. Impact An attacker who alrea...

[SECURITY] Fedora 21 Update: mksh-50f-1.fc21

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

[SECURITY] Fedora 20 Update: mksh-50f-1.fc20

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

[SECURITY] Fedora 22 Update: mksh-50f-1.fc22

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

[SECURITY] Fedora 20 Update: mksh-50c-1.fc20

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

[SECURITY] Fedora 19 Update: mksh-50c-1.fc19

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

Design/Logic Flaw

The Korn shell aka mksh before R33d on MirOS aka MirBSD does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a...

CVE-2008-1845

The vulnerability CVE-2008-1845 affects mksh (Korn shell) on MirOS/MirBSD prior to R33d. The issue is that mksh does not flush the tty I/O when invoked in a new terminal, allowing a local user to gain privileges by opening a virtual terminal and later having command sequences executed when anothe...

MirOS BSD Korn Shell本地权限提升漏洞

BUGTRAQ ID: 28768 MirOS BSD是运行在32位i386和sparc平台上的BSD家族操作系统。 MirBSD的Korn Shell（mksh）在通过-T命令行开关附加到TTY时存在错误，本地攻击者可以利用之前写入到所附加虚拟控制台的字符以运行mksh用户的权限执行任意命令。 MirOS Project MirBSD Korn Shell R33d MirOS Project ------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.mirbsd.org...