[mythtv-users] Shellshock discussion
Stephen Worthington
stephen_agent at jsw.gen.nz
Fri Sep 26 17:25:54 UTC 2014
On Fri, 26 Sep 2014 09:16:21 -0700, you wrote:
>
>On 09/26/2014 09:14 AM, Mike Perkins wrote:
>> The reports I've been reading today also make the point that routers
>> could be vulnerable, depending on what OS they run and how things are
>> implemented. It is a fault in the way cgi is implemented, not just
>> bash, and the problem isn't restricted to port 80.
>>
>
>I don't know of any embedded distribution that uses bash. All that I'm
>familiar with use busybox, which has an implementation of ash.
>
>Not saying there isn't one out there, though.
My Ubiquiti EdgeRouter Lite seems to be running bash - it fails the
exploit tests I have tried. However, since I am not exposing anything
on the router to the Internet (I have firewall rules blocking all
external access to the router itself), I should be OK until they issue
a fix.
More information about the mythtv-users
mailing list