[mythtv-users] Shellshock discussion
Gabe Rubin
gaberubin at gmail.com
Fri Sep 26 16:34:57 UTC 2014
On Fri, Sep 26, 2014 at 9:31 AM, Gary Buhrmaster <gary.buhrmaster at gmail.com>
wrote:
> On Fri, Sep 26, 2014 at 4:14 PM, Mike Perkins
> <mikep at randomtraveller.org.uk> wrote:
> ......
> > The reports I've been reading today also make the point that routers
> could
> > be vulnerable, depending on what OS they run and how things are
> implemented.
> > It is a fault in the way cgi is implemented, not just bash, and the
> problem
> > isn't restricted to port 80.
>
> While many "embedded" devices use busybox, which has ash
> rather than bash by default, there are always exceptions.
>
> And it is not restricted to cgi. Some dhcp clients are vulnerable,
> and a rogue dhcp server on (say) a public wifi network is not
> at all unheard of.
>
> My advice is that rather than spend effort to figure out reasons
> not to upgrade, just do ii. Yes, test in your environment before
> rollout, but just do it, and move on. Patch now.
> ______________________________________________
>
>
Does this affect the DD-WRT firmware? Should users upgrade to the latest
version of that?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mythtv.org/pipermail/mythtv-users/attachments/20140926/6121dd23/attachment.html>
More information about the mythtv-users
mailing list