On Wed, Oct 8, 2014 at 4:29 AM, <[email protected]> wrote: > Tomáš Franke <[email protected]> wrote: > > [-- text/plain, encoding quoted-printable, charset: UTF-8, 52 lines --] > > > > This Bash bug can be abused when running the web server with CGI > > scripts, only. >
Not quite--see below > > ... and even then only if:- > > The web server is internet facing (unless you have enemies on your > LAN of course!) > That's true---it's not vulnerable if you can't reach it > The web server's CGI scripts use bash, they often use other shells > or even don't use a shell at all. > Apparently there is a problem because bash is used to process environment variables derived from HTTP header fields for any URL: http://blog.cloudflare.com/inside-shellshock/ That's why it's such a big deal around the Internet. -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
