|
From what little i've read it is like you say but with the caveat thatthere are lots of things in the *ix world that use bash in one way or
wrote:
On Thu, 2014-09-25 at 20:33 +0000, Sue Baker wrote:
If you have added BASH to your IBM i in PASE, please check the
NIST CVE database for information about a newly discovered
vulnerability and then check with your source for BASH to obtain
a fix if necessary.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
I may be wrong, but... from what I can tell on what I've read so far, to
use the exploit you need access to bash, so if a cracker can't get to
bash then they can't use the exploit.
Now there might be applications that use bash that are web facing, so
some exploit of the application would be needed to be able to exploit
the bash exploit.
So, unless I'm reading it all wrong (a distinct possibility!), a user
would have needed to gain access to bash to use the bash exploit... If
they have got as far as bash I would have thought a way of exploiting it
would be the least of your worries?
Jon
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
