"Shellshock" bash bug
Colin Law
clanlaw at gmail.com
Sat Sep 27 12:53:10 UTC 2014
On 27 September 2014 13:45, Gene Heskett <gheskett at wdtv.com> wrote:
> On Saturday 27 September 2014 02:45:50 Colin Law did opine
> And Gene did reply:
>> On 27 September 2014 01:33, Gene Heskett <gheskett at wdtv.com> wrote:
>> > On Friday 26 September 2014 17:50:25 Colin Law did opine
>> >
>> >> ...
>> >> It seems however that my initial assumption is correct, that if they
>> >> cannot login as they do not have the key then they cannot exploit
>> >> the vulnerability.
>> >
>> > We are being told by the finders that no login is needed.
>>
>> True, it seems that web server and dhcp can also be attacked, however
>> since only port 22 is open and dhcp is from my router then it seems I
>> am safe, provided the router is clean.
>>
>> Cheers
>>
>> Colin
>
> A second point in the good routers is that you can and should, disable
> access to port 22 from the outside world, making that only accessible from
> your local 192.168.nnn/24. But that has little to do with its dhcp which
> could still be hackable.
If I disable access to port 22 from the outside world, how do you
suggest I get access to the machine from the outside world?
Colin
More information about the ubuntu-users
mailing list