[mythtv-users] Shellshock discussion

Mike Perkins mikep at randomtraveller.org.uk
Fri Sep 26 16:14:11 UTC 2014


On 26/09/14 16:24, Raymond Wagner wrote:
> On 9/26/2014 11:02 AM, Matt Emmott wrote:
>>
>>
>> On Fri, Sep 26, 2014 at 10:38 AM, Raymond Wagner <raymond at wagnerrp.com
>> <mailto:raymond at wagnerrp.com>> wrote:
>>
>>     On 9/25/2014 11:13 PM, Another Sillyname wrote:
>>
>>         I don't know if people have read about the Shellshock
>>         vulnerability recently discovered.
>>
>>         Anyone with an Internet exposed mythtv server would be well
>>         advised to do research on it ASAP.
>>
>>
>>     If your backend is exposed to the internet, an attacker doesn't
>>     need to use Bash to run anything they want on your system.
>>     _______________________________________________
>>
>>
>> What about MythWeb?
>>
>
> If Mythweb is on the internet, same thing.
>
The reports I've been reading today also make the point that routers could be 
vulnerable, depending on what OS they run and how things are implemented. It is 
a fault in the way cgi is implemented, not just bash, and the problem isn't 
restricted to port 80.

-- 

Mike Perkins



More information about the mythtv-users mailing list