[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] bash critical vulnerability - update NOW!
- Subject: [ale] bash critical vulnerability - update NOW!
- From: james.sumners at gmail.com (James Sumners)
- Date: Mon, 29 Sep 2014 15:55:58 -0400
- In-reply-to: <[email protected]>
- References: <CAEo=5PzyJnEKg0kkk3-uPqffgM7HxQZ9aedxMVfxMQwByRYggg@mail.gmail.com> <CAAt=rgD+dk5NWHmdEiK1zHpNDspRuK8+mBOXxhEBeAhDqF3VxQ@mail.gmail.com> <[email protected]>
On Sun, Sep 28, 2014 at 7:44 PM, Derek Atkins <warlord at mit.edu> wrote:
> James Sumners <james.sumners at gmail.com> writes:
>
> > The moral of this story: don't write CGI scripts in Bash.
>
> It's more than just CGI, unfortunately. Anything that runs bash can be
> hit. For example, DHCP is succeptible.
>
And then we have shenanigans like this -- https://github.com/jaburns/ngincat
--
James Sumners
http://james.roomfullofmirrors.com/
"All governments suffer a recurring problem: Power attracts pathological
personalities. It is not that power corrupts but that it is magnetic to the
corruptible. Such people have a tendency to become drunk on violence, a
condition to which they are quickly addicted."
Missionaria Protectiva, Text QIV (decto)
CH:D 59
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140929/e8944081/attachment.html>