On Tue, Nov 07, 2017 at 11:58:40AM +0000, Alex Nichols wrote:
> In order to trigger the bug I executed the command `cat sploit.buf`

> This bug may present a potential security risk as a malicious user may be
> able to crash a user's bash session by tricking them into executing a
> malicious bash script.

Then it's a social engineering attack, not a security vulnerability in
bash.  There are plenty of commands that would be extremely damaging if
someone with malicious intent tricks you into running them.  Not just the
classic fork bomb that looks like a totem pole, either.  Even something
as basic as rm is potentially devastating, and can be obfuscated (for
instance, as $'\162\155').
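
The obfuscation mentioned above, seen from the reviewing side: an added example (not part of the original message) that decodes bash ANSI-C quoted words in a script before it is run and reports those whose numeric escapes spell visible ASCII. The function names and the sample script are constructed for illustration; the scan is line-based and does not track surrounding shell quoting.

```python
import re

# A $'...' word; the body may contain backslash escapes, including \'.
ANSI_C = re.compile(r"\$'((?:[^'\\]|\\.)*)'")
# One escape: octal, \xHH, \uHHHH, \UHHHHHHHH, \cX, or a single-character escape.
ESCAPE = re.compile(r"\\(?:([0-7]{1,3})|x([0-9A-Fa-f]{1,2})|u([0-9A-Fa-f]{1,4})"
                    r"|U([0-9A-Fa-f]{1,8})|c(.)|(.))", re.S)
SIMPLE = {"a": "\a", "b": "\b", "e": "\x1b", "E": "\x1b", "f": "\f", "n": "\n",
          "r": "\r", "t": "\t", "v": "\v", "\\": "\\", "'": "'", '"': '"', "?": "?"}

def decode_ansi_c(body):
    """Decode the inside of $'...'. Returns (text, hides), where hides is True
    when a numeric escape spells a visible ASCII character."""
    hides = False
    def repl(m):
        nonlocal hides
        octal, hx, u4, u8, ctrl, other = m.groups()
        if ctrl is not None:
            return "\x7f" if ctrl == "?" else chr(ord(ctrl) & 0x1F)
        if other is not None:
            return SIMPLE.get(other, "\\" + other)  # unknown escapes stay as written
        code = int(octal, 8) & 0xFF if octal else int(hx or u4 or u8, 16)
        if code > 0x10FFFF:
            return m.group(0)  # not a valid code point; leave untouched
        hides = hides or 0x20 < code < 0x7F
        return chr(code)
    return ESCAPE.sub(repl, body), hides

def audit(script):
    """Return (line number, token, decoded text) for each suspicious $'...' word."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        for m in ANSI_C.finditer(line):
            text, hides = decode_ansi_c(m.group(1))
            if hides:
                findings.append((lineno, m.group(0), text))
    return findings

# Constructed sample script, not taken from the thread.
SAMPLE = r"""#!/bin/bash
echo $'done\n'
$'\162\155' -f "$HOME/scratch.txt"
printf $'\x1b[31mred\x1b[0m\n'
"""

if __name__ == "__main__":
    for lineno, token, text in audit(SAMPLE):
        print(f"line {lineno}: {token} decodes to {text!r}")
```

Ordinary uses such as `$'\n'` or terminal colour codes are not reported, because none of their numeric escapes encode a visible character.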
