[clug] Security talk and the bash 'shellshock' vulnerability
carlo at carlo-hamalainen.net
Fri Sep 26 07:12:18 MDT 2014
On 26/09/14 14:41, Paul Wayper wrote:
> We also talked about the fortuitously timed bash 'shellshock'
> vulnerability. It's a complex beast, since it's difficult to exploit but
> some of the things that can be exploited are exactly the kind of
> internet-facing web service that are already under attack. My own
> understanding is that unless you're running a web server on your home
> machine, then you're really not likely to get attacked with this any
> time soon.
What about DHCP?
So you could get done by some nefarious person on your LAN who responds
to a dhcp request before the real server does. Or you could sit at a
cafe with an open wifi AP and dodgy dhcp server and poke devices that
eagerly connect to the unsecured AP.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the linux