[Cialug] Shellshock Bash Remote Code Execution Vulnerability
Will
staticphantom at gmail.com
Thu Sep 25 12:28:04 CDT 2014
Try reading this:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
-Will C
On Thu, Sep 25, 2014 at 1:23 PM, Scott Yates <Scott at yatesframe.com> wrote:
> Help me understand a couple thingss:
>
> How is this operating remotely? I understand this being a problem if
> people have shell access to a box, but how is it that anything "remote" is
> allowed to set an environment variable in the first place?
>
> Am I missing something here, or is this only a problem if someone already
> has shell access?
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
More information about the Cialug
mailing list