[mythtv-users] Shellshock discussion
Tom Lichti
tom at redpepperracing.com
Fri Sep 26 15:22:46 UTC 2014
On Fri, Sep 26, 2014 at 11:02 AM, Matt Emmott <memmott at gmail.com> wrote:
>
>
> On Fri, Sep 26, 2014 at 10:38 AM, Raymond Wagner <raymond at wagnerrp.com>
> wrote:
>
>> On 9/25/2014 11:13 PM, Another Sillyname wrote:
>>
>>> I don't know if people have read about the Shellshock vulnerability
>>> recently discovered.
>>>
>>> Anyone with an Internet exposed mythtv server would be well advised to
>>> do research on it ASAP.
>>>
>>
>> If your backend is exposed to the internet, an attacker doesn't need to
>> use Bash to run anything they want on your system.
>> _______________________________________________
>>
>
> What about MythWeb?
>
>
I think that's his point, this bug doesn't really make the system less
secure, it's already insecure. It certainly adds another attack vector
though.
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mythtv.org/pipermail/mythtv-users/attachments/20140926/2d121d09/attachment.html>
More information about the mythtv-users
mailing list