[Cialug] Shellshock Bash Remote Code Execution Vulnerability

Will staticphantom at gmail.com
Thu Sep 25 12:28:04 CDT 2014


Try reading this:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

-Will C

On Thu, Sep 25, 2014 at 1:23 PM, Scott Yates <Scott at yatesframe.com> wrote:

> Help me understand a couple thingss:
>
> How is this operating remotely?  I understand this being a problem if
> people have shell access to a box, but how is it that anything "remote" is
> allowed to set an environment variable in the first place?
>> ​Am I missing something here, or is this only a problem if someone already
> has shell access?​
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>


More information about the Cialug mailing list