[CentOS-devel] Critical update for bash was released today.
Les Mikesell
lesmikesell at gmail.com
Thu Sep 25 15:51:38 UTC 2014
On Wed, Sep 24, 2014 at 4:50 PM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
> Given the mod_cgi effects, especially for Nagios and other servers, I'd urge caution and stage environment testing before mass deployment.
>
What is likely to break? And what things are likely to allow the
attack? That is, besides ssh command restrictions, where can you set
arbitrary env variables where you wouldn't have had access to execute
a shell command directly.
--
Les Mikesell
lesmikesell at gmail.com
More information about the CentOS-devel
mailing list