[GLLUG] Bash Bug
James Roberts
j.roberts at stabilys.com
Thu Sep 25 23:30:24 UTC 2014
On 25/09/14 20:14, Andy Smith wrote:
> Hello,
>
> On Thu, Sep 25, 2014 at 06:25:27PM +0100, chris procter wrote:
>> I'd still say heartbleed is worse though, who runs bash cgi scripts?
>
> It's not just applications implemented in bash, it's anything that
> ever shells out to bash and could have its environment under control
> of an attacker.
>
> https://news.ycombinator.com/item?id=8362450
Eek! Worse than I thought then.
However, (almost) everyone running a public web interface will be
patching - won't they? We are, and our upstream already have.
So I still reckon the problems are going to come from the systems that
are never and have never been and will never be patched...
MeJ
--
Stabilys Ltd www.stabilys.com
244 Kilburn Lane
LONDON
W10 4BA
0845 838 5370
More information about the GLLUG
mailing list