On Wed, Sep 24, 2014 at 4:50 PM, Nico Kadel-Garcia <nkadel@gmail.com> wrote:
Given the mod_cgi effects, especially for Nagios and other servers, I'd urge caution and stage environment testing before mass deployment.
What is likely to break? And what things are likely to allow the attack? That is, besides ssh command restrictions, where can you set arbitrary env variables where you wouldn't have had access to execute a shell command directly?