It can be exposed by anything that invokes bash - which is a ton of stuff typically on Linux systems.
On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af <af@afmug.com> wrote: > PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, > so you need to patch any vulnerable system running Apache. > > Peter Kranz > Founder/CEO - Unwired Ltd > www.UnwiredLtd.com > Desk: 510-868-1614 x100 > Mobile: 510-207-0000 > pkr...@unwiredltd.com > > -----Original Message----- > From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf Of > Matt via Af > Sent: Thursday, September 25, 2014 10:27 AM > To: af@afmug.com > Subject: [AFMUG] Bash specially-crafted environment variables code > injection attack > > Bash specially-crafted environment variables code injection attack > > > https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ > >