On 9/26/2014 3:36 PM, Valeri Galtsev wrote:
On Fri, September 26, 2014 5:13 pm, John R Pierce wrote:
On 9/26/2014 2:51 PM, Always Learning wrote:
Probably all Windoze
linux apache web servers with the bash exploit are getting owned en masse today. my (patched) internet web server has logged 100s and 100s of attempts like...
66.186.2.172 - - [26/Sep/2014:00:49:29 -0700] "GET /cgi-bin/test.sh
I feel really stupid, but I have to ask. If your server wasn't patched, it only would have owned by the above if that file exists, is executable by apache and it indeed invokes bash (say, has #!/bin/bash or whatever bash location is as first line), right?
no. mod_cgi launches /bin/sh and passes it the command, even if the file doesn't exist. and /bin/sh is linked to bash