<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 26, 2014 at 11:02 AM, Matt Emmott <span dir="ltr"><<a href="mailto:memmott@gmail.com" target="_blank">memmott@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Fri, Sep 26, 2014 at 10:38 AM, Raymond Wagner <span dir="ltr"><<a href="mailto:raymond@wagnerrp.com" target="_blank">raymond@wagnerrp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 9/25/2014 11:13 PM, Another Sillyname wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I don't know if people have read about the Shellshock vulnerability recently discovered.<br>
<br>
Anyone with an Internet exposed mythtv server would be well advised to do research on it ASAP.<br>
</blockquote>
<br></span>
If your backend is exposed to the internet, an attacker doesn't need to use Bash to run anything they want on your system.<br>
_______________________________________________<br></blockquote><div><br></div></span><div>What about MythWeb? <br></div><div><br></div></div></div></div></blockquote><div><br></div><div>I think that's his point, this bug doesn't really make the system less secure, it's already insecure. It certainly adds another attack vector though.</div><div><br></div><div>TomĀ </div></div><br></div></div>