[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] bash vulnerability
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] bash vulnerability
- From: Simon Waters <simon@xxxxxxxxxxxxxx>
- Date: Fri, 26 Sep 2014 14:38:31 +0100
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1396810045; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:References:To:MIME-Version:From:Date:Message-ID; bh=4TvmnMwbYHbKBTnk9yaw+l06SQnHrOKZ+4tlkYdJSLk=; b=Qu9ycGgJd9nKfE101kvgu6FKES/9aa1ClGNcHwy4F4P7MOV8hsP0a8Im8J4eoxa7lmVTgBYKFM+xpnIgv38jcWBCp12DqAaZ/32GC5qGjpM23eWVSTpLOVD8K+7A0EfwZi9v3rrG2XzDf0GTrS1d0Ot+W6kRWzftuECMcWQY/UU=;
- Openpgp: id=8F455606
On 26/09/14 12:28, Tom wrote:
>
> * this is assuming your web server is nicely set up so that effing with
> the various CGI strings doesnt gain you access to something else - if it
> does its not the window latches fault.
If your CGI runs bash you are toast.
Our system admin Max had to prove it to himself.....
https://www.surevine.com/shellshocked-a-quick-demo-of-how-easy-it-is-to-exploit/
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
