[Liverpool] Fwd: [lugmaster] Urgent Bash Vulnerability
Lucas
lmcdavid at gmail.com
Thu Sep 25 16:27:51 UTC 2014
I've been struggling to find issues with it too, I believe on web software
such as apache/nginx the headers are passed through cgi to your
php/ruby/python services where you can supposedly inject other bash
statements. That said I've used wget with many of the example headers given
and gotten no luck on anything I've tried it on.
So, either the response to this has been very quick or it's just not that
big.
On 25 Sep 2014 16:07, "Sebastian Arcus" <s.arcus at open-t.co.uk> wrote:
> On 25/09/14 15:11, Dan Lynch wrote:
>
>> Hello all,
>>
>> Have a look at the email below. You might already know about this but
>> just in case I'm forwarding it as suggested on the Lugmaster list.
>>
>> Beware of the much publicised Bash vulnerability.
>>
> Reading through it, it is a bit sparse in details. Why would people still
> use bash in cgi scripts? Since when is bash even a tool to let loose on the
> Internet in the first place?
>
>
>
> _______________________________________________
> Liverpool mailing list
> Liverpool at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/liverpool
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/liverpool/attachments/20140925/fb34c6fc/attachment.html>
More information about the Liverpool
mailing list