"Shellshock" bash bug
Gene Heskett
gheskett at wdtv.com
Sat Sep 27 12:27:45 UTC 2014
On Saturday 27 September 2014 02:45:50 Colin Law did opine
And Gene did reply:
> On 27 September 2014 01:33, Gene Heskett <gheskett at wdtv.com> wrote:
> > On Friday 26 September 2014 17:50:25 Colin Law did opine
> >
> >> ...
> >> It seems however that my initial assumption is correct, that if they
> >> cannot login as they do not have the key then they cannot exploit
> >> the vulnerability.
> >
> > We are being told by the finders that no login is needed.
>
> True, it seems that web server and dhcp can also be attacked, however
> since only port 22 is open and dhcp is from my router then it seems I
> am safe, provided the router is clean.
>
> Cheers
>
> Colin
You aren't remembering that the router itself is using a dhcp client to
get its network address from your ISP's servers. That could make it
vulnerable.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
More information about the ubuntu-users
mailing list