[CentOS] firefox: annoyance

Fri Sep 26 23:02:55 UTC 2014
Keith Keller <kkeller at wombat.san-francisco.ca.us>

On 2014-09-26, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
> On Fri, September 26, 2014 5:13 pm, John R Pierce wrote:
>>
>> linux apache web servers with the bash exploit are getting owned en
>> masse today. my (patched) internet web server has logged 100s and
>> 100s of attempts like...
>>
>> 66.186.2.172 - - [26/Sep/2014:00:49:29 -0700] "GET /cgi-bin/test.sh
>
> I feel really stupid, but I have to ask. If your server wasn't patched, it
> only would have been owned by the above if that file exists, is executable by
> apache and it indeed invokes bash (say, has #!/bin/bash or whatever bash
> location is as first line), right? ;-)

At first glance I would agree with you, but then I would wonder, if that
request wouldn't work almost anywhere, why are the skr1pt k1dd13s doing
it?

--keith

-- 
kkeller at wombat.san-francisco.ca.us