[GLLUG] Bash Bug
peter at cannon-linux.co.uk
Fri Sep 26 08:18:25 UTC 2014
On 25/09/14 23:26, Karanbir Singh wrote:
> On 09/25/2014 10:44 PM, Alain Williams wrote:
>> On Thu, Sep 25, 2014 at 10:38:32PM +0100, Alain Williams wrote:
>> FYI: something referenced from the SElinux mail list:
> this is a great post on how SELinux can help overall in situations like
> this as well.
> the other thing that is important to note here is that there is -lots-
> of software out there that uses system() calls to do things, every one
> of those is potentially at risk here; nagios / gitweb etc are just a tip
> of the iceberg. There is plenty of desktop / app grade software that
> does this as well.
> So, although I agree that bash for cgi-scripts is just completely
> whacked out, in many cases the issue is being inherited from other code,
> that does the system shell out.
> btw, sky hd+ box's running linux... also exploiteable.
Thank Fortuna for the Bourne Again Shell vulnerability! Open Source news
was on its arse before you came along. :-)
IRC: dick_turpin @ freenode.net
"Be who you are and say what you feel because those who mind don't
matter and those who matter don't mind."
More information about the GLLUG