How worse is the shellshock bash bug than Heartbleed?
Heartbleed was a memory leak that eventually, after carefully calculated
exploiting, can lead to a remote root.
Shellshock depends on a lot of environmental details, but is possibly
little more than a hard-to-reach shell with elevated permissions.
I guess Heartbleed was actually worse. Who runs webscripts and stuff in
root? That's really foolhardy. But using OpenSSL ... We usually thought it
good practice!
On Sep 30, 2014 11:41 AM, "Georgi Guninski" <[email protected]> wrote:
> Recently a bash(1) bug called shellshock died.
> It affected Apache, DHCP, SSH, qmail, Pure-FTPd and other stuff.
> Summary of affected:
> https://github.com/mubix/shellshocker-pocs/blob/master/README.md
>
> I find this _much_ worse than the passive Heartbleed.
>
> How worse is the shellshock bash bug than Heartbleed?
>
>