Mail Archives: cygwin/2014/09/28/22:48:55

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2014/09/28/22:48:55

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:mime-version

:content-type:content-transfer-encoding; q=dns; s=default; b=lvx

Zjmr64WvZwzXlPeht1mHn2juZHClemshQjDnsFIj7aTlQ0/AJIJJYEhNOsu1ONm6

F9f//E+tc2G39V0Yx63NmSJIGDoF3xTKmzB9s0jaUmKkH8QqQk0CjcqCg3835Y8l

3AWi1ESLXT5Hafj97gV0gvqx1Ix0XozNdokjWWZo=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:mime-version

:content-type:content-transfer-encoding; s=default; bh=VMc6Cetlk

bK2zFv9pWqSepTZFxQ=; b=JUgu4AQv4Ex7rIPVytr3LyIDrcR6SlYysW5H5hCrU

DgqONBFwW9sMucpEB+ie46o7Nuwa5frBu7gALMtjBsSTk2dv1Jcq2Q3GzGhPEmm/

n7JXUcBHgc7IgWhbQSwM329Ujk6dc9fwR0GMExeBjcMoKniu2KCCx8FT6KqpLZ6A

YA=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2

X-HELO: plane.gmane.org

To: cygwin AT cygwin DOT com

From: Andy <AndyMHancock AT gmail DOT com>

Subject: How vulnerable are bash users to shellshock bug?

Date: Mon, 29 Sep 2014 02:48:17 +0000 (UTC)

Lines: 12

Message-ID: <loom.20140929T044707-609@post.gmane.org>

Mime-Version: 1.0

User-Agent: Loom/3.14 (http://gmane.org/)

X-IsSubscribed: yes

According to http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained,
shellshock is exploited when someone submits commands in place of parameter
data to a server, which then tries to shove the info into an environment
variable by a bash invocation.  

I (and I suspect many people) only use bash as a command line user
interface.  I don't run any services from the cygwin installation, and I
don't invoke any cygwin commands from Windows services (I know very little
about Windows services).  Would it be correct to say that the vulnerability
doesn't exist in such a scenario?  I can update some cygwin installations,
but some I cannot (and in those cases, cygwin is installed under
non-administrator accounts).


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=lvx
	Zjmr64WvZwzXlPeht1mHn2juZHClemshQjDnsFIj7aTlQ0/AJIJJYEhNOsu1ONm6
	F9f//E+tc2G39V0Yx63NmSJIGDoF3xTKmzB9s0jaUmKkH8QqQk0CjcqCg3835Y8l
	3AWi1ESLXT5Hafj97gV0gvqx1Ix0XozNdokjWWZo=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:mime-version
	:content-type:content-transfer-encoding; s=default; bh=VMc6Cetlk
	bK2zFv9pWqSepTZFxQ=; b=JUgu4AQv4Ex7rIPVytr3LyIDrcR6SlYysW5H5hCrU
	DgqONBFwW9sMucpEB+ie46o7Nuwa5frBu7gALMtjBsSTk2dv1Jcq2Q3GzGhPEmm/
	n7JXUcBHgc7IgWhbQSwM329Ujk6dc9fwR0GMExeBjcMoKniu2KCCx8FT6KqpLZ6A
	YA=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.4 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2
X-HELO:	plane.gmane.org
To:	cygwin AT cygwin DOT com
From:	Andy <AndyMHancock AT gmail DOT com>
Subject:	How vulnerable are bash users to shellshock bug?
Date:	Mon, 29 Sep 2014 02:48:17 +0000 (UTC)
Lines:	12
Message-ID:	<loom.20140929T044707-609@post.gmane.org>
Mime-Version:	1.0
User-Agent:	Loom/3.14 (http://gmane.org/)
X-IsSubscribed:	yes