Re: Critical update for bash released today.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 26 Sep 2014 05:46, "Cliff Pratt" <enkiduonthenet@xxxxxxxxx> wrote:
>
> Take the case of an Apache Bash CGI. This will have been loaded when
Apache
> started, so Apache will have to be restarted to get the new one. There may
> be other similar cases. So the best thing is to reboot.
>

This is false and a major misunderstanding of the vulnerability.

1) the vulnerability is just during initialisation of bash. Once it is
running it is beyond the vulnerable stage and needs no restarting
2) in a CGI of #!/bin/bash or for a system call with any other language for
CGI bash gets executed on demand... It does not do what you say...
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux