[GRLUG] CVE-2014-6271

Kevin McCarthy signals42 at gmail.com
Wed Sep 24 16:27:18 EDT 2014


Well, the BIG one is CGI scripts from a web server which passes data via
environment variables. But OpenSSH could be vulnerable via TERM or anything
in AcceptEnv. I think you'd be surprised how many attack vectors there are
for this one.

-Kevin

On Wed, Sep 24, 2014 at 3:08 PM, Mark Farver <mfarver at mindbent.org> wrote:

> I think it is a stretch to label this remotely exploitable.  If an
> attacker has remote control of environment variables you have bigger
> problems.
>
> Mark
> On Sep 24, 2014 2:50 PM, "John Wesorick" <john at wesorick.com> wrote:
>
>> Ubuntu <http://www.ubuntu.com/usn/usn-2362-1/> and Debian
>> <https://lists.debian.org/debian-security-announce/2014/msg00220.html>
>> were patched as well.
>>
>> On Wed, Sep 24, 2014 at 2:44 PM, Kevin McCarthy <signals42 at gmail.com>
>> wrote:
>>
>>> Figured I'd pass this along to the mailing list since it looks quite
>>> serious:
>>>
>>>
>>> http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
>>>
>>> Almost every Linux install is vulnerable to a potentially-remote
>>> execution exploit involving bash. I know it has been patched in Gentoo and
>>> RHEL. It's probably been fixed in most other distros by now, too. Time to
>>> patch!
>>>
>>> -Kevin
>>>
>>>
>>> _______________________________________________
>>> grlug mailing list
>>> grlug at grlug.org
>>> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>>>
>>
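Kevin's reply at the top names two places a defender has to inventory on a host: CGI scripts that the web server runs through bash with request data in environment variables, and the environment variables sshd imports from clients (TERM always, plus anything matched by AcceptEnv). The script below is an added example written for this page; it is not code from the thread or from any of the linked advisories. It does not exercise the bash bug at all, it only lists where an unpatched bash would be reachable, so you know what to prioritise while the distro patches roll out. The function names are this example's own, the CGI directory and sshd_config paths are passed in as arguments, and every file the demo creates is a constructed sample.

```shell
#!/bin/sh
# Exposure inventory for CVE-2014-6271 on one host. Added example for this
# thread, not code from the list or the linked advisories. Function names
# (list_bash_cgi, audit_acceptenv, demo) are this example's own.
#
# Two defender-side checks, following the two vectors in Kevin's reply:
#   1. CGI scripts interpreted by bash (the web server hands request data to
#      them through environment variables).
#   2. sshd's AcceptEnv list: client-supplied environment variables sshd will
#      import into the login session. TERM is passed regardless of AcceptEnv.
# Neither check triggers the bug; they only show where an unpatched bash is
# reachable so patching can be prioritised.

# list_bash_cgi DIR
# Print "path<TAB>interpreter" for every file under DIR whose shebang runs
# bash, or sh (on many systems a symlink to bash).
list_bash_cgi() {
    dir=$1
    find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
        first=$(head -n 1 "$f" 2>/dev/null)   # a shebang can only be line 1
        case "$first" in
            '#!'*bash*|'#!'*/sh|'#!'*/sh' '*|'#!'*' sh'|'#!'*' sh '*)
                printf '%s\t%s\n' "$f" "${first#??}"   # drop the leading "#!"
                ;;
        esac
    done
}

# audit_acceptenv FILE
# Print "pattern<TAB>exact|WILDCARD" for each name sshd would accept from the
# client, read from FILE (normally /etc/ssh/sshd_config). Matches the keyword
# case-insensitively, strips comments and accepts the "keyword=value" spelling,
# as sshd's own parser does. Wildcard patterns admit arbitrary variable names.
audit_acceptenv() {
    sed 's/#.*//; s/=/ /' "$1" | awk '
        tolower($1) == "acceptenv" {
            for (i = 2; i <= NF; i++)
                print $i "\t" (($i ~ /[*?]/) ? "WILDCARD" : "exact")
        }'
}

# demo: build constructed samples in a scratch directory and run both checks.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/cgi-bin"
    # constructed CGI scripts: one bash, one perl, one sh
    printf '#!/bin/bash\necho "Content-Type: text/plain"\n' > "$tmp/cgi-bin/status.cgi"
    printf '#!/usr/bin/perl\nprint "ok\\n";\n'             > "$tmp/cgi-bin/report.cgi"
    printf '#!/bin/sh -e\nuptime\n'                          > "$tmp/cgi-bin/uptime.sh"
    # constructed sshd_config fragment: a Debian-style default plus a comment
    printf '# Allow client to pass locale environment variables\nAcceptEnv LANG LC_*\nPermitUserEnvironment no\n' > "$tmp/sshd_config"

    echo "== CGI scripts under $tmp/cgi-bin run by bash/sh =="
    list_bash_cgi "$tmp/cgi-bin"
    echo "== Variables sshd accepts per $tmp/sshd_config (TERM is always passed) =="
    audit_acceptenv "$tmp/sshd_config"
    rm -rf "$tmp"
}

# Runs the constructed demo; against a real host call the functions with your
# own paths, e.g.  list_bash_cgi /usr/lib/cgi-bin; audit_acceptenv /etc/ssh/sshd_config
demo
```

Patching bash, as the Ubuntu, Debian, Gentoo and RHEL updates mentioned above do, is the fix; this inventory only tells you where to look first. Note that a wildcard such as `LC_*` is a common shipped default and TERM is imported whether or not AcceptEnv lists it, so tightening sshd_config does not close the SSH vector on an unpatched host; it just narrows it.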