Re: [LUG] bash vulnerability
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] bash vulnerability
- From: Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Sep 2014 17:04:09 +0000
On Fri, Sep 26, 2014 at 09:39:41AM +0100, Gordon Henderson wrote:
> So on the surface home PCs, etc. are fine - no need to worry about
> them for now.

I'm at a conference at the moment so I've not read up on all the
details, though I've spoken about it to many people (it's a security
conference). It seems some DHCP clients are vulnerable. So for some
fairly broad version of "etc.", you can get root access on them if
you're on the same WiFi network. So that does sound like something to
worry about.

People have compared it with Heartbleed, where the attack was easy to
execute. This is more tricky, but the number of ways you could exploit
this is much bigger. With Heartbleed, if you couldn't patch, you could
probably fend off attacks on the firewall - here I would be less
confident such a thing is possible.

The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq