Make sure you update Linux and iOS!

The ability to run arbitrary commands, for one.

Reply to
Mark

That's not how it works.

CGI sets environment variables from the web request, including things like user-agent and referer [sic]

Iff (if and only if) the web page calls bash (which would happen indirectly by calling system() in several web script dialects) then bash inherits the environment variables and bang! the bug is active.

Reply to
Tim Watts

No-one does that, other than deliberately. That's what the Shellshock "bug" allows you to do.

Reply to
Huge

That same ability is inherent in any scripted web page.

because the 'arbitrary' bit is a broad church.

Firstly because in order to have this happen, the website has to be configured to use direct CGI, rather than say PHP (just as much of a security hole which isn't much)

Secondly, it must have some cgi script or program there to receive the malformed request.

Thirdly, that malformed request must be passed without parameter checking to a shell.

Fourthly the shell has to be bash, explicitly, or implicitly because it's linked to the default shell /bin/sh.

I have a bad bash and a publicly accessible web server, I even satisfy the first condition.

But not the last three.

Reply to
The Natural Philosopher
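
The mechanism described in Tim Watts's post (request headers become CGI environment variables that a child process inherits) and the "parameter checking" condition in the last post, as an added example that is not part of the thread. It maps headers to CGI variable names, flags values that begin with the `() {` function-definition form an affected bash would parse, and shows a child process receiving the value unchanged; the function names and sample requests are constructed for illustration.

```python
import os
import re
import subprocess
import sys

def cgi_env_from_headers(headers):
    """Map request headers to CGI meta-variable names (RFC 3875 convention)."""
    env = {}
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        # Content-Type and Content-Length get no HTTP_ prefix under CGI.
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key
        env[key] = value
    return env

# An affected bash parsed any imported variable whose value starts with "() {"
# as a function definition; this pattern also tolerates extra whitespace.
FUNC_DEF = re.compile(r"^\s*\(\s*\)\s*\{")

def suspicious_vars(env):
    """Return names of variables whose value looks like a function definition."""
    return sorted(k for k, v in env.items() if FUNC_DEF.match(v))

def child_sees(env, key):
    """Start a child process with env and return the value it inherited."""
    code = "import os, sys; sys.stdout.write(os.environ.get(sys.argv[1], ''))"
    out = subprocess.run([sys.executable, "-c", code, key],
                         env=dict(os.environ, **env),
                         capture_output=True, text=True, check=True)
    return out.stdout

# Constructed sample requests (not taken from the thread).
BENIGN = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
          "Referer": "http://example.com/"}
MALFORMED = {"User-Agent": "() { :; }; PLACEHOLDER",
             "Referer": "http://example.com/"}

if __name__ == "__main__":
    for label, headers in (("benign", BENIGN), ("malformed", MALFORMED)):
        env = cgi_env_from_headers(headers)
        print(label, "flagged:", suspicious_vars(env))
        print("  child inherited:", repr(child_sees(env, "HTTP_USER_AGENT")))
```

The child here is a Python interpreter, so nothing is parsed as a function; the point is that the header value reaches the child's environment byte for byte, which is where a front-end filter or log rule has to look.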
