[Cialug] Shellshock Bash Remote Code Execution Vulnerability
Ron Houk
houk.ron at gmail.com
Sun Sep 28 17:07:25 CDT 2014
Okay. Thanks for the clarification. :)
On Sep 28, 2014 2:29 PM, "Paul Gray" <gray at cs.uni.edu> wrote:
> On 09/28/2014 02:17 PM, Ron Houk wrote:
> > Aren't Debian based systems using dash instead of bash?
>
> Complete apples and oranges question -
>
> Yes, dash is a standard package installed on Debian, and is the default
> link to /bin/sh
>
> However, bash is also installed by default on Debian (and practically
> every *nix OS, other than OpenSolaris and variants). On Debian, bash is
> the default shell for all login accounts.
>
> The key issue is, at least for the latest POC's, what shell do the
> cgi-bin scripts invoke?
>
> --
> Paul Gray -o)
> 314 East Gym, Dept. of Computer Science /\\
> University of Northern Iowa _\_V
> Message void if penguin violated ... Don't mess with the penguin
> No one says, "Hey, I can't read that ASCII attachment ya sent me."
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
More information about the Cialug
mailing list