[mythtv-users] Shellshock discussion
Mike Perkins
mikep at randomtraveller.org.uk
Fri Sep 26 16:14:11 UTC 2014
On 26/09/14 16:24, Raymond Wagner wrote:
> On 9/26/2014 11:02 AM, Matt Emmott wrote:
>>
>>
>> On Fri, Sep 26, 2014 at 10:38 AM, Raymond Wagner <raymond at wagnerrp.com
>> <mailto:raymond at wagnerrp.com>> wrote:
>>
>> On 9/25/2014 11:13 PM, Another Sillyname wrote:
>>
>> I don't know if people have read about the Shellshock
>> vulnerability recently discovered.
>>
>> Anyone with an Internet exposed mythtv server would be well
>> advised to do research on it ASAP.
>>
>>
>> If your backend is exposed to the internet, an attacker doesn't
>> need to use Bash to run anything they want on your system.
>> _______________________________________________
>>
>>
>> What about MythWeb?
>>
>
> If Mythweb is on the internet, same thing.
>
The reports I've been reading today also make the point that routers could be
vulnerable, depending on what OS they run and how things are implemented. It is
a fault in the way cgi is implemented, not just bash, and the problem isn't
restricted to port 80.
--
Mike Perkins
More information about the mythtv-users
mailing list