26 Sep
2014
26 Sep
'14
6:28 a.m.
On 26 Sep 2014 05:46, "Cliff Pratt" enkiduonthenet@gmail.com wrote:
Take the case of an Apache Bash CGI. This will have been loaded when
Apache
started, so Apache will have to be restarted to get the new one. There may be other similar cases. So the best thing is to reboot.
This is false and a major misunderstanding of the vulnerability.
1) the vulnerability is just during initialisation of bash. Once it is running it is beyond the vulnerable stage and needs no restarting 2) in a CGI of #!/bin/bash or for a system call with any other language for CGI bash gets executed on demand... It does not do what you say...