<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Do we know what the attack surface for desktop computers is?<br>
    I know that DHCP is vulnerable and can give root access to a rogue
    DHCP server but how about the internet facing
    programs(firefox,chrome, thunderbird etc) do such programs invoke
    bash environment variables?<br>
    <br>
    ~ Nick<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 26/09/2014 06:43 μμ, Kevin O'Gorman
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAGVXcSb+Yrhpv3X_D+iepfAPLA-oPcOJ2a4Sh2L5wXb0Qu0t+w@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>There has been a code-injection vulnerability in bash
              for the last 22 years, recently discovered and named
              "Shellshock".  It's nasty.  <a moz-do-not-send="true"
                href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271</a><br>
              <br>
            </div>
            Here's a quick one-liner to see if you're vulnerable:<br>
            $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a
            test"<br>
            vulnerable<br>
            this is a test<br>
            $<br>
            <br>
          </div>
          If you get that result, update your bash from the
          repositories, and all should be well:<br>
          $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a
          test"<br>
          bash: warning: x: ignoring function definition attempt<br>
          bash: error importing function definition for `x'<br>
          this is a test<br>
          $<br>
          <br>
        </div>
        Safe computing to all<br>
        <div>
          <div>
            <div>
              <div><br clear="all">
                <div>
                  <div>
                    <div><br>
                      -- <br>
                      <div dir="ltr">Kevin O'Gorman<br>
                      </div>
                      <div>#define QUESTION ((bb) || (!b))  /*
                        Shakespeare */<br>
                        <br>
                      </div>
                      <div dir="ltr"><span
style="line-height:normal;font-variant:normal;font-size:10pt;font-style:normal;font-weight:normal"><span
style="line-height:normal;font-variant:normal;font-size:10pt;font-style:normal;font-weight:normal"></span></span>
                        <table cellpadding="0" cellspacing="0"
                          border="0" width="448">
                          <tbody>
                            <tr>
                              <td width="25"><img
                                  src="cid:part2.03080700.05070603@nickscode.com"
                                  height="21" width="25"></td>
                              <td width="423"><span
style="font-family:Verdana,Geneva,sans-serif;color:rgb(0,153,0);margin-left:5px;font-size:10px">Please
                                  consider the environment before
                                  printing this email.</span></td>
                            </tr>
                          </tbody>
                        </table>
                        <br>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
    </blockquote>
    <br>
  </body>
</html>