How vulnerable are bash users to shellshock bug?

Andy AndyMHancock@gmail.com
Mon Sep 29 03:47:00 GMT 2014


According to http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained,
shellshock is exploited when someone submits commands in place of parameter
data to a server, which then tries to shove the info into an environment
variable by a bash invocation.  

I (and I suspect many people) only use bash as a command line user
interface.  I don't run any services from the cygwin installation, and I
don't invoke any cygwin commands from Windows services (I know very little
about Windows services).  Would it be correct to say that the vulnerability
doesn't exist in such a scenario?  I can update some cygwin installations,
but some I cannot (and in those cases, cygwin is installed under
non-administrator accounts).


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list