I just read through this: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

It appears that using something like gitolite to manage your Git repository could be a problem, because users can bypass the ForceCommand and execute arbitrary code.

If you use Apache's mod_cgi or mod_cgid, you may be vulnerable. This includes scripts not using bash directly, but which make system() or popen() calls.

DHCP clients may be vulnerable, and would generally provide root access. Fortunately, very few mobile devices have bash. Update your Linux or Mac laptop, though.

If you can influence the environment of a SUID script, it may allow privilege escalation.

That appears to be pretty much it. Some clever black hats will probably figure out some other ways to exploit it, so you should probably update anyway, even if none of these affect you.

Steve

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
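An added example, not part of the original message: one way a CGI program or similar wrapper could scrub its environment before running a helper, since the system() and popen() calls mentioned above always go through /bin/sh. The function names and the sample variables are hypothetical, and the sample environment is constructed.

```python
import os
import subprocess
import sys

# Unpatched bash parses any environment value starting with these four
# characters as an exported function definition when it starts up.
FUNC_PREFIX = "() {"

# Constructed sample of a CGI-style environment (not taken from the post).
SAMPLE_CGI_ENV = {
    "REQUEST_METHOD": "GET",
    "HTTP_ACCEPT": "text/html",
    "HTTP_USER_AGENT": "() { constructed-sample; }",
}


def split_env(env):
    """Split env into (clean, rejected) by the function-definition prefix."""
    clean, rejected = {}, {}
    for name, value in env.items():
        target = rejected if value.startswith(FUNC_PREFIX) else clean
        target[name] = value
    return clean, rejected


def run_helper(argv, env=None):
    """Run argv without a shell, passing only the scrubbed environment."""
    clean, rejected = split_env(dict(os.environ if env is None else env))
    for name in sorted(rejected):
        # Report the name only; the value is attacker-controlled text.
        print(f"dropped environment variable {name}", file=sys.stderr)
    # shell=False avoids /bin/sh entirely, which system() and popen() cannot.
    return subprocess.run(argv, env=clean, shell=False,
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    probe = "import os; print(sorted(k for k in os.environ if k.startswith('HTTP_')))"
    print(run_helper([sys.executable, "-c", probe], env=SAMPLE_CGI_ENV).stdout)
```

The filter also drops legitimately exported shell functions, and it complements the bash update rather than replacing it.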
