So what is the risk here? It seems like the a) the attacker would need to already have access to bash and they could then gain root access? or b) you would have to be serving cgi scripts? (or something similar that passes through to execute a script via bash)
-John On Sep 24, 2014 9:42 PM, "Charles Curley" <[email protected]> wrote: > On 24 Sep 2014 21:16:58 -0600 > "Andy Bradford" <[email protected]> wrote: > > > This is not the shell you're looking for... > > Are you playing shell games again? > > > -- > > The right of the people to be secure in their persons, houses, papers, > and effects, against unreasonable searches and seizures, shall not be > violated, and no Warrants shall issue, but upon probable cause, > supported by Oath or affirmation, and particularly describing the > place to be searched, and the persons or things to be seized. > -- U.S. Const. Amendment IV > > Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ > /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
