1.  Home
  2. MIDRANGE-L
  3. September 2014

Re: "Shellshock" BASH vulnerability

On Thu, 2014-09-25 at 20:33 +0000, Sue Baker wrote:
If you have added BASH to your IBM i in PASE, please check the
NIST CVE database for information about a newly discovered
vulnerability and then check with your source for BASH to obtain
a fix if necessary.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271


I may be wrong, but... from what I can tell on what I've read so far, to
use the exploit you need access to bash, so if a cracker can't get to
bash then they can't use the exploit.

Now there might be applications that use bash that are web facing, so
some exploit of the application would be needed to be able to exploit
the bash exploit.

So, unless I'm reading it all wrong (a distinct possibility!), a user
would have needed to gain access to bash to use the bash exploit... If
they have got as far as bash I would have thought a way of exploiting it
would be the least of your worries?

Jon


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.