[Cialug] Shellshock Bash Remote Code Execution Vulnerability

Paul Gray gray at cs.uni.edu
Sun Sep 28 14:28:35 CDT 2014


On 09/28/2014 02:17 PM, Ron Houk wrote:
> Aren't Debian based systems using dash instead of bash?

Complete apples and oranges question -

Yes, dash is a standard package installed on Debian, and is the default
link to /bin/sh

However, bash is also installed by default on Debian (and practically
every *nix OS, other than OpenSolaris and variants).  On Debian, bash is
the default shell for all login accounts.

The key issue is, at least for the latest POCs, what shell do the
cgi-bin scripts invoke?

-- 
Paul Gray                                         -o)
314 East Gym, Dept. of Computer Science           /\\
University of Northern Iowa                      _\_V
 Message void if penguin violated ...  Don't mess with the penguin
 No one says, "Hey, I can't read that ASCII attachment ya sent me."
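
The question the message ends on, which shell the cgi-bin scripts invoke, can be checked per script by reading each shebang line and following symlinks such as /bin/sh. The following is an added example, not part of the original post; the function names are hypothetical and it assumes `readlink -f` is available.

```shell
#!/bin/sh
# Added example (not from the original thread): for each file in a CGI
# directory, report whether its "#!" interpreter resolves to bash.
# Assumption: readlink -f exists (GNU coreutils, BusyBox, recent BSD/macOS).

# Print the interpreter named on FILE's "#!" line; fail if there is none.
shebang_interp() {
    line=
    [ -r "$1" ] || return 1
    IFS= read -r line < "$1" || [ -n "$line" ] || return 1
    case $line in '#!'*) ;; *) return 1 ;; esac
    line=${line#'#!'}
    line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF line endings
    set -f; set -- $line; set +f               # split into words, no globbing
    [ "$#" -gt 0 ] || return 1
    case $1 in
        */env) shift                           # "#!/usr/bin/env bash" form
               [ "$#" -gt 0 ] || return 1
               # Resolved with the auditor's PATH, which may differ from
               # the web server's PATH.
               command -v "$1" || printf '%s\n' "$1" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# Print "bash", "other" or "none" for FILE, following symlinks (/bin/sh -> ?).
classify_cgi() {
    interp=$(shebang_interp "$1") || { echo none; return 0; }
    target=$(readlink -f -- "$interp" 2>/dev/null) || target=$interp
    case ${target##*/} in
        bash) echo bash ;;
        *)    echo other ;;
    esac
}

# One line per regular file in DIR: verdict<TAB>path
audit_cgi_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(classify_cgi "$f")" "$f"
    done
}

# Usage: sh audit.sh /path/to/cgi-bin
if [ "$#" -gt 0 ]; then audit_cgi_dir "$1"; fi
```

This only inspects the shebang line: a script reported as "other" can still start bash explicitly, or reach /bin/sh through a subprocess call, so treat "other" as a first-pass result.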

