This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

How vulnerable are bash users to shellshock bug?


According to http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained,
shellshock is exploited when someone submits commands in place of parameter
data to a server, which then tries to shove the info into an environment
variable by a bash invocation.  

I (and I suspect many people) only use bash as a command line user
interface.  I don't run any services from the cygwin installation, and I
don't invoke any cygwin commands from Windows services (I know very little
about Windows services).  Would it be correct to say that the vulnerability
doesn't exist in such a scenario?  I can update some cygwin installations,
but some I cannot (and in those cases, cygwin is installed under
non-administrator accounts).


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]