[mythtv-users] Shellshock discussion
Jim
lists at morton.hrcoxmail.com
Fri Sep 26 17:10:34 UTC 2014
On 9/26/2014 12:11 PM, Hika van den Hoven wrote:
> Hoi Mike,
>
> Friday, September 26, 2014, 6:14:11 PM, you wrote:
>
>> On 26/09/14 16:24, Raymond Wagner wrote:
>>> On 9/26/2014 11:02 AM, Matt Emmott wrote:
>>>>
>>>> On Fri, Sep 26, 2014 at 10:38 AM, Raymond Wagner <raymond at wagnerrp.com
>>>> <mailto:raymond at wagnerrp.com>> wrote:
>>>>
>>>> On 9/25/2014 11:13 PM, Another Sillyname wrote:
>>>>
>>>> I don't know if people have read about the Shellshock
>>>> vulnerability recently discovered.
>>>>
>>>> Anyone with an Internet exposed mythtv server would be well
>>>> advised to do research on it ASAP.
>>>>
>>>>
>>>> If your backend is exposed to the internet, an attacker doesn't
>>>> need to use Bash to run anything they want on your system.
>>>> _______________________________________________
>>>>
>>>>
>>>> What about MythWeb?
>>>>
>>> If Mythweb is on the internet, same thing.
>>>
>> The reports I've been reading today also make the point that routers could be
>> vulnerable, depending on what OS they run and how things are implemented. It is
>> a fault in the way cgi is implemented, not just bash, and the problem isn't
>> restricted to port 80.
> But if your router/firewall runs sh and doesn't forward any ports (it
> handels vpn itself), does the bug apply for the machines behind it?
>
>
If your router is compromised then the machines "behind it" are all exposed.
Jim
More information about the mythtv-users
mailing list