"Shellshock" bash bug
Colin Law
clanlaw at gmail.com
Sat Sep 27 12:44:59 UTC 2014
On 27 September 2014 13:39, Robert Heller <heller at deepsoft.com> wrote:
> At Sat, 27 Sep 2014 08:27:45 -0400 "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
>
>>
>> On Saturday 27 September 2014 02:45:50 Colin Law did opine
>> And Gene did reply:
>> > On 27 September 2014 01:33, Gene Heskett <gheskett at wdtv.com> wrote:
>> > > On Friday 26 September 2014 17:50:25 Colin Law did opine
>> > >
>> > >> ...
>> > >> It seems however that my initial assumption is correct, that if they
>> > >> cannot login as they do not have the key then they cannot exploit
>> > >> the vulnerability.
>> > >
>> > > We are being told by the finders that no login is needed.
>> >
>> > True, it seems that web server and dhcp can also be attacked, however
>> > since only port 22 is open and dhcp is from my router then it seems I
>> > am safe, provided the router is clean.
>> >
>> > Cheers
>> >
>> > Colin
>>
>> You aren't remembering that the router itself is using a dhcp client to
>> get its network address from your ISP's servers. That could make it
>> vulnerable.
>
> If the ISP's servers were hacked.
Would that only be an issue if the router itself had a vulnerable bash?
Colin
>
>>
>> Cheers, Gene Heskett
>
> --
> Robert Heller -- 978-544-6933
> Deepwoods Software -- Custom Software Services
> http://www.deepsoft.com/ -- Linux Administration Services
> heller at deepsoft.com -- Webhosting Services
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
More information about the ubuntu-users
mailing list