Heads up: possible BASH security vulnerability
jd1008
jd1008 at gmail.com
Thu Sep 25 00:54:54 UTC 2014
On 09/24/2014 06:43 PM, Chris Adams wrote:
> Once upon a time, jd1008 <jd1008 at gmail.com> said:
>> Are you saying that a java script, being executed on your system
>> via the browser, cannot also fork and exec bash?
> As far as I know, that would require some other security vulnerability
> first (at which point bash security is moot).
I have read numerous reports by google analytics about
many javascripts that I have intercepted, and which many
web sites try to install on your system.
Google analytics says they have been known to infect many
systems and web sites by installing malware without user's
knowledge.
I was just wondering if bash is/was one of the weaknesses
exploited by these scripts, or is the it just the browser blithely
executing these scripts and damn the torpedoes?
But I seem to digress from the main theme of this thread.
Sorry!!
More information about the users
mailing list