[ale] bash critical vulnerability - update NOW!

James Sumners james.sumners at gmail.com
Mon Sep 29 15:55:58 EDT 2014


On Sun, Sep 28, 2014 at 7:44 PM, Derek Atkins <warlord at mit.edu> wrote:

> James Sumners <james.sumners at gmail.com> writes:
>
> > The moral of this story: don't write CGI scripts in Bash.
>
> It's more than just CGI, unfortunately.  Anything that runs bash can be
> hit.  For example, DHCP is succeptible.
>

And then we have shenanigans like this -- https://github.com/jaburns/ngincat


-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts pathological
personalities. It is not that power corrupts but that it is magnetic to the
corruptible. Such people have a tendency to become drunk on violence, a
condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140929/e8944081/attachment.html>


More information about the Ale mailing list