Reply to post: Re: Very unclear

Oh SNAP! Old-school '80s Unix hack to smack OSX, iOS, Red Hat?

Bronek Kozicki
Boffin

Re: Very unclear

The problem is parsing of filenames by traditional unix utilities, since "everybody" knows that if a filename starts with a dash (i.e. - ) then programs will parse it as if it was an option. That's why some programs support -- after which everything will be interpreted as a filename, even if it "looks" like an option.

As for the actual vulnerability ... well, if you are running shell scripts as root and these use globbing, and it never occurred to you that users might have files starting with a dash ... now it is time to start checking these scripts.
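The behaviour described in the comment above, as an added example that is not part of the original post: a constructed directory holding a file named `-l` is listed with a bare glob, then with the two usual fixes (`--` and a `./` prefix). The function names and file names are assumptions made for the demo.

```shell
#!/bin/sh
# Added demo (not from the original comment). All names are hypothetical.

# Build a constructed directory: one ordinary file and one file whose
# name looks like an option to most utilities.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/report.txt"
    : > "$d/-l"                 # constructed filename starting with a dash
    printf '%s\n' "$d"
}

# Pattern to look for in scripts: a bare glob. The shell expands * to
# "-l report.txt" before ls runs, so ls sees "-l" as an option and the
# file of that name never appears in the listing.
list_unsafe() { ( cd "$1" && ls * ); }

# Fix 1: "--" ends option parsing; every later word is a filename.
list_dashdash() { ( cd "$1" && ls -- * ); }

# Fix 2: prefix the glob with ./ so no expanded word can begin with "-".
# This also works for utilities that do not support "--".
list_dotslash() { ( cd "$1" && ls ./* ); }

demo=$(make_demo_dir)
echo "bare glob (the file -l is consumed as an option):"
list_unsafe "$demo"
echo "with --:"
list_dashdash "$demo"
echo "with ./ prefix:"
list_dotslash "$demo"
rm -rf -- "$demo"               # "--" guards the cleanup as well
```

When checking existing scripts, ShellCheck reports the bare-glob pattern as SC2035.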
