[mythtv-users] Shellshock discussion
Gary Buhrmaster
gary.buhrmaster at gmail.com
Fri Sep 26 16:31:01 UTC 2014
On Fri, Sep 26, 2014 at 4:14 PM, Mike Perkins
<mikep at randomtraveller.org.uk> wrote:
......
> The reports I've been reading today also make the point that routers could
> be vulnerable, depending on what OS they run and how things are implemented.
> It is a fault in the way cgi is implemented, not just bash, and the problem
> isn't restricted to port 80.
While many "embedded" devices use busybox, which has ash
rather than bash by default, there are always exceptions.
And it is not restricted to cgi. Some dhcp clients are vulnerable,
and a rogue dhcp server on (say) a public wifi network is not
at all unheard of.
My advice is that rather than spend effort to figure out reasons
not to upgrade, just do ii. Yes, test in your environment before
rollout, but just do it, and move on. Patch now.
More information about the mythtv-users
mailing list