Tomáš Franke <[email protected]> wrote:
> [-- text/plain, encoding quoted-printable, charset: UTF-8, 52 lines --]
>
> This Bash bug can be abused when running the web server with CGI
> scripts, only.
>
... and even then only if:-
The web server is internet facing (unless you have enemies on your
LAN of course!)
The web server's CGI scripts use bash, they often use other shells
or even don't use a shell at all.
There is of course a vulnerability on *any* port open to the internet
where there is a possibility of running somethng which uses bash.
Presumably also the vulnerability is fixed in Ubuntu and Debian if you
simply do an 'apt-get update' and an 'apt-get upgrade'. It was fixed
on my desktop Linux system (Ubuntu) within 24 hours of the bug being
reported.
--
Chris Green
·
--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to the Google Groups
"BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
