<html><head></head><body>Nah, not going to be surprised. But don't you have to successfully auth to get anything AcceptEnv passed along? And sshd downgrades privileges by that point.<br><br><div class="gmail_quote">On September 24, 2014 4:27:18 PM EDT, Kevin McCarthy <signals42@gmail.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div dir="ltr"><div>Well, the BIG one is CGI scripts from a web server which passes data via environment variables. But OpenSSH could be vulnerable via TERM or anything in AcceptEnv. I think you'd be surprised how many attack vectors there are for this one.<br /><br /></div>-Kevin<br /></div><div class="gmail_extra"><br /><div class="gmail_quote">On Wed, Sep 24, 2014 at 3:08 PM, Mark Farver <span dir="ltr"><<a href="mailto:mfarver@mindbent.org" target="_blank">mfarver@mindbent.org</a>></span> wrote:<br /><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">I think it is a stretch to label this remotely exploitable.  If an attacker has remote control of environment variables you have bigger problems.</p><span class="HOEnZb"><font color="#888888">
</font><p dir="ltr"><font color="#888888">Mark</font></p></span><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Sep 24, 2014 2:50 PM, "John Wesorick" <<a href="mailto:john@wesorick.com" target="_blank">john@wesorick.com</a>> wrote:<br type="attribution" /><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><a href="http://www.ubuntu.com/usn/usn-2362-1/" target="_blank">Ubuntu</a> and <a href="https://lists.debian.org/debian-security-announce/2014/msg00220.html" target="_blank">Debian</a> were patched as well.</div><div class="gmail_extra"><br /><div class="gmail_quote">On Wed, Sep 24, 2014 at 2:44 PM, Kevin McCarthy <span dir="ltr"><<a href="mailto:signals42@gmail.com" target="_blank">signals42@gmail.com</a>></span> wrote:<br /><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Figured I'd pass this along to the mailing list since it looks quite serious:<br /><br /><a
href="http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html" target="_blank">http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html</a><br /><br /></div>Almost every Linux install is vulnerable to a potentially-remote execution exploit involving bash. I know it has been patched in Gentoo and RHEL. It's probably been fixed in most other distros by now, too. Time to patch!<span><font color="#888888"><br /><br /></font></span></div><span><font color="#888888">-Kevin<br /><br /></font></span></div>
<br />_______________________________________________<br />
grlug mailing list<br />
<a href="mailto:grlug@grlug.org" target="_blank">grlug@grlug.org</a><br />
<a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug" target="_blank">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug</a><br /></blockquote></div><br /></div>
<br />_______________________________________________<br />
grlug mailing list<br />
<a href="mailto:grlug@grlug.org" target="_blank">grlug@grlug.org</a><br />
<a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug" target="_blank">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug</a><br /></blockquote></div>
</div></div><br />_______________________________________________<br />
grlug mailing list<br />
<a href="mailto:grlug@grlug.org">grlug@grlug.org</a><br />
<a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug" target="_blank">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug</a><br /></blockquote></div><br /></div>
<p style="margin-top: 2.5em; margin-bottom: 1em; border-bottom: 1px solid #000"></p><pre class="k9mail"><hr /><br />grlug mailing list<br />grlug@grlug.org<br /><a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug</a></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>