To: cygwin AT cygwin DOT com
From: Achim Gratz
Subject: Re: How vulnerable are bash users to shellshock bug?
Date: Mon, 29 Sep 2014 08:49:58 +0000 (UTC)

Andy gmail.com> writes:
> According to http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained,
> shellshock is exploited when someone submits commands in place of parameter
> data to a server, which then tries to shove the info into an environment
> variable by a bash invocation.

No, the attack vector is to have a targeted user run bash in an environment
with at least one environment variable having crafted content as to exploit
the bug. That's quite general and can be used for all sorts of privilege
escalation locally, using it remotely via a service is just the icing on the
cake.

Regards,
Achim.
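Added example, not part of the original message or of any project's code: because the variable's name is irrelevant to the bug, a wrapper that starts bash on behalf of another party can inspect every variable and drop those bash would parse as a function definition. It relies on bash encoding exported functions as environment values beginning with `() {` (patched releases use `BASH_FUNC_` names); the function names and the sample environment are constructed for illustration.

```python
import os
import subprocess

FUNC_VALUE_PREFIX = "()"         # exported functions are encoded as "() { ... }"
FUNC_NAME_PREFIX = "BASH_FUNC_"  # name form used by patched bash releases

# Constructed sample environment (not taken from the original message).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "LANG": "C",
    "REQUEST_PARAM": "() { :; }; <constructed trailing text>",
    "LOCAL_SETTING": "  () { :; }",
    "BASH_FUNC_helper%%": "() { echo hi; }",
}


def classify(name, value):
    """Return why bash would treat this variable as a function, or None."""
    if value.lstrip().startswith(FUNC_VALUE_PREFIX):
        return "value looks like a function definition"
    if name.startswith(FUNC_NAME_PREFIX):
        return "name is in the exported-function namespace"
    return None


def scrub_env(env):
    """Split env into (clean, dropped); every variable is checked by value,
    since any name can carry crafted content."""
    clean, dropped = {}, {}
    for name, value in env.items():
        reason = classify(name, value)
        if reason:
            dropped[name] = reason
        else:
            clean[name] = value
    return clean, dropped


def run_bash(script, env=None):
    """Run bash with a scrubbed environment. Conservative: this also drops
    legitimate exported functions, which suits an untrusted environment."""
    clean, dropped = scrub_env(dict(os.environ if env is None else env))
    for name, reason in sorted(dropped.items()):
        print(f"dropping {name}: {reason}")
    return subprocess.run(["bash", "-c", script], env=clean, check=False)


if __name__ == "__main__":
    kept, removed = scrub_env(SAMPLE_ENV)
    print("kept:", sorted(kept), "removed:", sorted(removed))
```

Scrubbing the environment reduces exposure at one call site only; updating bash remains the fix.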