On 26 Sep 2014 05:46, "Cliff Pratt" <enkiduonthenet@xxxxxxxxx> wrote: > > Take the case of an Apache Bash CGI. This will have been loaded when Apache > started, so Apache will have to be restarted to get the new one. There may > be other similar cases. So the best thing is to reboot. > This is false and a major misunderstanding of the vulnerability. 1) the vulnerability is just during initialisation of bash. Once it is running it is beyond the vulnerable stage and needs no restarting 2) in a CGI of #!/bin/bash or for a system call with any other language for CGI bash gets executed on demand... It does not do what you say... _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Critical update for bash released today.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Critical update for bash released today.
- From: James Hogarth <james.hogarth@xxxxxxxxx>
- Date: Fri, 26 Sep 2014 07:28:27 +0100
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <CADXosEKaJhsViV8V3z4rVzvvrY+cmJ39=OSgANdO4U2HaUPbPw@mail.gmail.com>
- Follow-Ups:
- Re: Critical update for bash released today.
- From: Cliff Pratt
- Re: Critical update for bash released today.
- References:
- Critical update for bash released today.
- From: Jim Perrin
- Re: Critical update for bash released today.
- From: Johnny Hughes
- Re: Critical update for bash released today.
- From: Tom Bishop
- Re: Critical update for bash released today.
- From: Michael Schumacher
- Re: Critical update for bash released today.
- From: Johnny Hughes
- Re: Critical update for bash released today.
- From: John Doe
- Re: Critical update for bash released today.
- From: Cliff Pratt
- Critical update for bash released today.
- Prev by Date: Re: /etc/init.d CentOS 7
- Next by Date: Re: /etc/init.d CentOS 7
- Previous by thread: Re: Critical update for bash released today.
- Next by thread: Re: Critical update for bash released today.
- Index(es):
 |