Heads up: possible BASH security vulnerability
Ian Pilcher
arequipeno at gmail.com
Thu Sep 25 15:33:49 UTC 2014
On 09/24/2014 07:27 PM, Chris Adams wrote:
> On a client system, there are some potential routes to exploiting this
> as well. For example, I think the DHCP and PPP clients will run
> external scripts to configure things (such as DNS, NTP, etc.), using
> environment variables to pass information, so a malicious server could
> potentially get full root access to a vulnerable client system. In most
> cases though, I don't think bash or /bin/sh get passed arbitrary remote
> data in environment variables on a client system (e.g. desktop).
The DHCP vector is pretty scary for anyone who connects to untrusted
networks (hotels, coffee shops, etc.).
--
========================================================================
Ian Pilcher arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
More information about the users
mailing list