X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; q=dns; s=
	default; b=VQU98PdWhO437Qxu9Uyk/4YbfLjs4UyiL3KvPPyYkse4Gu80iLPtX
	081SN8QrTOV9imkL5PAHFVsAEzuAW7XXYWTzwaizSLyT5+cYcxiNC8rxL+HTl4EM
	5jKUbW2pbdPUEH+30mczMDzMXoK0b3+MUn0X70cRhgcOs11GYxB1Io=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:references
	:mime-version:content-type:content-transfer-encoding; s=default;
	 bh=WB1QVcePCeJMidU5uMguEZ+l4cE=; b=QnGZxPtObI4gQTs1P4o1vtZiljew
	CvsvRX3+r5+DmqTLl/Nsi8nukkwHiCyhZWC2y7osHGH8SobsjzkWYv2nRVrCnuKg
	y1AH34zMCCoWop+moN2nutjAiIg+h7UK5J9FfEABTFlcBuxqcobDI4bJF0MZ/3KD
	2hDoxspo5FNdins=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-6.1 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_FSL_HELO_BARE_IP_2 autolearn=ham version=3.3.2
X-HELO: plane.gmane.org
To: cygwin@cygwin.com
From: Achim Gratz <Stromeko@NexGo.DE>
Subject: Re: How vulnerable are bash users to shellshock bug?
Date: Mon, 29 Sep 2014 08:49:58 +0000 (UTC)
Lines: 15
Message-ID: <loom.20140929T103453-16@post.gmane.org>
References: <loom.20140929T044707-609@post.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
User-Agent: Loom/3.14 (http://gmane.org/)
X-IsSubscribed: yes

Andy <AndyMHancock <at> gmail.com> writes:
> According to http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained,
> shellshock is exploited when someone submits commands in place of parameter
> data to a server, which then tries to shove the info into an environment
> variable by a bash invocation.  

No, the attack vector is to have a targeted user run bash in an environment
with at least one environment variable having crafted content as to exploit
the bug.  That's quite general and can be used for all sorts of privilege
escalation locally, using it remotely via a service is just the icing on the
cake.


Regards,
Achim.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple