[kwlug-disc] Vulnerability in bash
Hubert Chathi
hubert at uhoreg.ca
Thu Sep 25 17:24:56 EDT 2014
For the bash bug, the only way for it to be remotely exploitable is if
you are running a server that executes programs using bash in response
to remote requests. For example (probably the most common), if your web
server executes a cgi script using bash. But if you do not allow cgi
scripts (e.g. if you are only using PHP, via mod_php), then you should
be safe. Or if your web server only executes cgi scripts using dash
(which is the default /bin/sh on recent Debian and Ubuntu) instead of
bash, then you should be safe.
Am I the only one who is more concerned about the NSS vulnerability?
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1568
More information about the kwlug-disc
mailing list