[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux_var] shellshock quali sw a rischio ?

To: talking@ml.linuxvar.it
Subject: Re: [linux_var] shellshock quali sw a rischio ?
From: Elena ``of Valhalla'' <elena.valhalla@gmail.com>
Date: Fri, 26 Sep 2014 12:53:11 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ml.linuxvar.it; s=mail; t=1411728735; bh=5WPkcAnBTkyhLHOvNN62n55uAwCr7ikxq6JI44oDxO4=; h=Date:From:To:References:In-Reply-To:Subject:Reply-To:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe; z=Date:=20Fri,=2026=20Sep=202014=2012:53:11=20+0200|From:=20Elena=2 0``of=20Valhalla''=20<elena.valhalla@gmail.com>|To:=20talking@ml.l inuxvar.it|References:=20<CAGod1SBAZ9Htw0MF=3DnRQjV_DpE17k0s00q-Ae jAW=3DGYKF2nByg@mail.gmail.com>|In-Reply-To:=20<CAGod1SBAZ9Htw0MF= 3DnRQjV_DpE17k0s00q-AejAW=3DGYKF2nByg@mail.gmail.com>|Subject:=20R e:=20[linux_var]=20shellshock=20quali=20sw=20a=20rischio=20?|Reply -To:=20linux_var=20-=20LUG=20di=20Varese=20e=20Provincia=20Mailing =20List=0D=0A=20<talking@ml.linuxvar.it>|List-Id:=20linux_var=20-= 20LUG=20di=20Varese=20e=20Provincia=20Mailing=20List=0D=0A=20<talk ing.ml.linuxvar.it>|List-Unsubscribe:=20<http://ml.linuxvar.it/cgi -bin/mailman/options/talking>,=0D=0A=20<mailto:talking-request@ml. linuxvar.it?subject=3Dunsubscribe>|List-Archive:=20<http://ml.linu xvar.it/pipermail/talking/>|List-Post:=20<mailto:talking@ml.linuxv ar.it>|List-Help:=20<mailto:talking-request@ml.linuxvar.it?subject =3Dhelp>|List-Subscribe:=20<http://ml.linuxvar.it/cgi-bin/mailman/ listinfo/talking>,=0D=0A=20<mailto:talking-request@ml.linuxvar.it? subject=3Dsubscribe>; b=A8vE/o3mywf/kKMlfAjvdga/6ZkrrvkqcVR15+9B05hc3gdBOWxsdWl5ECDD84kKX +hRRa/Cmy0B43ZZcv54SxCdc8zYGhAX5nNMWNsVdl6Qrw0vhLCI9voixblqbB8FbAT EL0ADif0FhGISpJDTVjoDU8C83ae5/wvB5mPKnQM=
In-reply-to: <CAGod1SBAZ9Htw0MF=nRQjV_DpE17k0s00q-AejAW=GYKF2nByg@mail.gmail.com>
List-archive: <http://ml.linuxvar.it/pipermail/talking/>
List-help: <mailto:talking-request@ml.linuxvar.it?subject=help>
List-id: linux_var - LUG di Varese e Provincia Mailing List <talking.ml.linuxvar.it>
List-post: <mailto:talking@ml.linuxvar.it>
List-subscribe: <http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking>, <mailto:talking-request@ml.linuxvar.it?subject=subscribe>
List-unsubscribe: <http://ml.linuxvar.it/cgi-bin/mailman/options/talking>, <mailto:talking-request@ml.linuxvar.it?subject=unsubscribe>
Mail-followup-to: talking@ml.linuxvar.it
References: <CAGod1SBAZ9Htw0MF=nRQjV_DpE17k0s00q-AejAW=GYKF2nByg@mail.gmail.com>
Reply-to: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>
Sender: "Talking" <talking-bounces@ml.linuxvar.it>
User-agent: Mutt/1.5.23 (2014-03-12)

On 2014-09-26 at 12:42:30 +0200, Giovanni Orlandi wrote:
> A me sembrerebbe che una LAMP base non sia bucabile,
> perché di default non ci sono proprio script bash che vengono lanciati,
> mentre probabilmente la configurazione standard di qualche CMS lo è...

non serve necessariamente che vengano lanciati script bash, potrebbero 
anche essere shell aperte dall'interno degli script tramite le varie 
varianti di system

> Qualcuno ha notizie + attendibili degli sproloqui sulla stampa e/o sul sole
> 24 ore ?

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

https://security-tracker.debian.org/tracker/CVE-2014-6271

-- 
Elena ``of Valhalla''
_______________________________________________
Talking mailing list
Talking@ml.linuxvar.it
http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking

References:
- [linux_var] shellshock quali sw a rischio ?
  - From: Giovanni Orlandi <orlangio@gmail.com>

Prev by Date: [linux_var] shellshock quali sw a rischio ?
Next by Date: Re: [linux_var] shellshock quali sw a rischio ?
Previous by thread: [linux_var] shellshock quali sw a rischio ?
Next by thread: Re: [linux_var] shellshock quali sw a rischio ?
Index(es):
- Date
- Thread