[mythtv-users] Shellshock discussion
Hika van den Hoven
hikavdh at gmail.com
Fri Sep 26 17:22:27 UTC 2014
Hoi Jim,
Friday, September 26, 2014, 7:10:34 PM, you wrote:
> On 9/26/2014 12:11 PM, Hika van den Hoven wrote:
>> Hoi Mike,
>>
>> Friday, September 26, 2014, 6:14:11 PM, you wrote:
>>
>>> On 26/09/14 16:24, Raymond Wagner wrote:
>>>> On 9/26/2014 11:02 AM, Matt Emmott wrote:
>>>>>
>>>>> On Fri, Sep 26, 2014 at 10:38 AM, Raymond Wagner <raymond at wagnerrp.com
>>>>> <mailto:raymond at wagnerrp.com>> wrote:
>>>>>
>>>>> On 9/25/2014 11:13 PM, Another Sillyname wrote:
>>>>>
>>>>> I don't know if people have read about the Shellshock
>>>>> vulnerability recently discovered.
>>>>>
>>>>> Anyone with an Internet exposed mythtv server would be well
>>>>> advised to do research on it ASAP.
>>>>>
>>>>>
>>>>> If your backend is exposed to the internet, an attacker doesn't
>>>>> need to use Bash to run anything they want on your system.
>>>>> _______________________________________________
>>>>>
>>>>>
>>>>> What about MythWeb?
>>>>>
>>>> If Mythweb is on the internet, same thing.
>>>>
>>> The reports I've been reading today also make the point that routers could be
>>> vulnerable, depending on what OS they run and how things are implemented. It is
>>> a fault in the way cgi is implemented, not just bash, and the problem isn't
>>> restricted to port 80.
>> But if your router/firewall runs sh and doesn't forward any ports (it
>> handels vpn itself), does the bug apply for the machines behind it?
>>
>>
> If your router is compromised then the machines "behind it" are all exposed.
> Jim
> _______________________________________________
But sh is not bash. So in other words, is sh vulnerable and can it
reach through a not affected/vulnerable firewall.
Tot mails,
Hika mailto:hikavdh at gmail.com
"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"
De lerende Mens
More information about the mythtv-users
mailing list