How vulnerable are bash users to shellshock bug?
Andy
AndyMHancock@gmail.com
Mon Sep 29 03:47:00 GMT 2014
According to http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained,
shellshock is exploited when someone submits commands in place of parameter
data to a server, which then tries to shove the info into an environment
variable by a bash invocation.
I (and I suspect many people) only use bash as a command line user
interface. I don't run any services from the cygwin installation, and I
don't invoke any cygwin commands from Windows services (I know very little
about Windows services). Would it be correct to say that the vulnerability
doesn't exist in such a scenario? I can update some cygwin installations,
but some I cannot (and in those cases, cygwin is installed under
non-administrator accounts).
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list