"Shellshock" bash bug
Robert Heller
heller at deepsoft.com
Sat Sep 27 12:39:53 UTC 2014
At Sat, 27 Sep 2014 08:27:45 -0400 "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
>
> On Saturday 27 September 2014 02:45:50 Colin Law did opine
> And Gene did reply:
> > On 27 September 2014 01:33, Gene Heskett <gheskett at wdtv.com> wrote:
> > > On Friday 26 September 2014 17:50:25 Colin Law did opine
> > >
> > >> ...
> > >> It seems however that my initial assumption is correct, that if they
> > >> cannot login as they do not have the key then they cannot exploit
> > >> the vulnerability.
> > >
> > > We are being told by the finders that no login is needed.
> >
> > True, it seems that web server and dhcp can also be attacked, however
> > since only port 22 is open and dhcp is from my router then it seems I
> > am safe, provided the router is clean.
> >
> > Cheers
> >
> > Colin
>
> You aren't remembering that the router itself is using a dhcp client to
> get its network address from your ISP's servers. That could make it
> vulnerable.
If the ISP's servers were hacked.
>
> Cheers, Gene Heskett
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller at deepsoft.com -- Webhosting Services
More information about the ubuntu-users
mailing list