Mu [was: How worse is the Shellshock bash bug than Heartbleed?]
coderman
coderman at gmail.com
Wed Oct 1 07:04:19 PDT 2014
On 10/1/14, Georgi Guninski <guninski at guninski.com> wrote:
> ...
> Suspect this is just the top of the shellshock iceberg:
> http://www.theregister.co.uk/2014/09/30/openvpn_open_to_shellshock_researcher/
> OpenVPN open to pre-auth (in certain configurations).
if you are using any of the up, down, ipchange, route-up, tls-verify,
auth-user-pass-verify, client-connect, client-disconnect, or
learn-address scripts with openvpn you are not operating in a security
conscious manner.
to reiterate, in case anyone missed it: exposing a shell to untrusted
inputs is insanity. this is true even if you manage to make your
environment variable sanitization apparently robust.
> Btw, people scared by HB probably will get close to clinically
> paranoid if the next HB allows "write anywhere" ;) { :; } ;)
part of my intent was to convey that heartbleed easily leads to
arbitrary exec; even if not directly so ala shellshock.
so agree to disagree indeed; thus far heartbleed has medical pwnage
and altcoin pilferage to credit, while shellshock is a farce of
consumer crap and sloppy run yawn vulns; the mythical wide worm yet to
materialize...
due time will tell, of course! :P
best regards,
More information about the Testlist
mailing list