On Thu, Sep 25, 2014 at 6:29 PM, Edward Ned Harvey (lopser) < lop...@nedharvey.com> wrote:
> My opinion: The only way to exploit the bug is to *first* run some > malicious code that would tweak your environment such that the bug is then > being exploited. I haven't looked to see if Apple's "Web Sharing" involves any CGI scripts. If it does, then Web Sharing is vulnerable. At least Apple doesn't use a DHCP client that passes random server-provided DHCP options to a configuration program in the environment. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
