[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] bash vulnerability

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] bash vulnerability
From: Tom <madtom1999@xxxxxxxxxxxxxx>
Date: Fri, 26 Sep 2014 16:32:36 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Type:Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:References:To:MIME-Version:Date:Message-ID:From; bh=oY1pRIT1Z6BZkb/tSZyt6YRvJUJhVapq6bbbfVhfn7s=; b=sD5hGPr3eRcqjbELsMWjvDRvRC93OQA0B2Hsgy5ny7vTZO9tRYt5/9grRd6p0tL7+HRLfyO1qEvN8Z4FyBI1j/4Bd2msYfuXUJtBHx09ZiJEdbIK1MRwtnosuGTkKbWWT1BunwAxz+Ig0BpkbrWF0w4TKti99PNCNXCboyVroBQ=;
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=from:message-id:date:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=YiAwMMHXtiihAmg0RO2Tx0kWPcORr537AnTH9GHCdE4=; b=O9DOjpEcsjW8CojkicrsDLnjYJmg6+jbba7+YePmSkV+kwpoN/43N5ByyGDr48vjtZ 9dHuSj4iPXPcuJvRFCDXAsFBoJ7EQs5xIhPy/65+aIgtpvDijkkE9P3SKkOv6kufOUnd bLGPGJAKFG1REphawjrvMrKSKUktsRA20RiMi3pImKXXHbW71nzh3+X/tTkJcpggy0II ayo1g2qGghcwcA9h2E8lnK35n8eZ06H2YzCJBJzU39y5ISSVtiROyBmzgHD2dVqSORmk N2lteZC8WLMNgBDYZdAsjW75UadTrflLvuhkXyJfJj+iL5p59xAh2nP1pm1E2DssYGdn +KWA==

On 26/09/14 14:38, Simon Waters wrote:

On 26/09/14 12:28, Tom wrote:


* this is assuming your web server is nicely set up so that effing with
the various CGI strings doesnt gain you access to something else - if it
does its not the window latches fault.


If your CGI runs bash you are toast.

Our system admin Max had to prove it to himself.....

https://www.surevine.com/shellshocked-a-quick-demo-of-how-easy-it-is-to-exploit/

/etc/passwd doesn't contain any useful data any more does it? I thoughtthat have been swept away years ago

Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] bash vulnerability
  - From: Tom
- Re: [LUG] bash vulnerability
  - From: Matt Stevenson
- Re: [LUG] bash vulnerability
  - From: Eion MacDonald
- Re: [LUG] bash vulnerability
  - From: Roland Tarver
- Re: [LUG] bash vulnerability
  - From: Tom
- Re: [LUG] bash vulnerability
  - From: Gordon Henderson
- Re: [LUG] bash vulnerability
  - From: Jay Bennie
- Re: [LUG] bash vulnerability
  - From: Tom
- Re: [LUG] bash vulnerability
  - From: Simon Waters

Prev by Date: Re: [LUG] bash vulnerability
Next by Date: Re: [LUG] bash vulnerability
Previous by thread: Re: [LUG] bash vulnerability
Next by thread: Re: [LUG] bash vulnerability
Index(es):
- Date
- Thread