bashing your head against nation-state social engineering

Stephan Neuhaus stephan.neuhaus at
Sun Sep 28 23:58:24 PDT 2014

On 2014-09-28 15:47, wrote:
> I think this vulnerability should have been discovered with any kind of basic fuzzing.

If I understand the vulnerability correctly, it occurs in very specific 
circumstances, namely trailing data at the end of a function definition 
that's transported in an environment variable.

In that case, I'd venture that *no* kind of "basic fuzzing" could have 
uncovered this; the proportion of ShellShock-inducing environment 
variable definitions among all possible environment variables is simply 
too small.

What you would need instead is very specific syntax-directed fuzzing, 
and even then I'm not sure that you have a decent chance of discovering 
this without knowing already that it's there.



More information about the cypherpunks mailing list