[clug] Security talk and the bash 'shellshock' vulnerability

Carlo Hamalainen carlo at carlo-hamalainen.net
Fri Sep 26 07:12:18 MDT 2014

On 26/09/14 14:41, Paul Wayper wrote:
> We also talked about the fortuitously timed[1] bash 'shellshock'
> vulnerability.  It's a complex beast, since it's difficult to exploit but
> some of the things that can be exploited are exactly the kind of
> internet-facing web service that are already under attack.  My own
> understanding is that unless you're running a web server on your home
> machine, then you're really not likely to get attacked with this any
> time soon.

What about DHCP?


So you could get done by some nefarious person on your LAN who responds
to a dhcp request before the real server does. Or you could sit at a
cafe with an open wifi AP and dodgy dhcp server and poke devices that
eagerly connect to the unsecured AP.

-- Carlo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/linux/attachments/20140926/f2a118a2/attachment.pgp>

More information about the linux mailing list