Yeah I am trying to figure out what else I may be operating that is vulnerable. UBNT? Mikrotik? Cisco?
-Ty On Thu, Sep 25, 2014 at 3:00 PM, Josh Baird via Af <af@afmug.com> wrote: > It can be exposed by anything that invokes bash - which is a ton of stuff > typically on Linux systems. > > On Thu, Sep 25, 2014 at 2:25 PM, Peter Kranz via Af <af@afmug.com> wrote: > >> PS.. This vulnerability can be exploited via HTTP/Apache attack vectors, >> so you need to patch any vulnerable system running Apache. >> >> Peter Kranz >> Founder/CEO - Unwired Ltd >> www.UnwiredLtd.com >> Desk: 510-868-1614 x100 >> Mobile: 510-207-0000 >> pkr...@unwiredltd.com >> >> -----Original Message----- >> From: Af [mailto:af-bounces+pkranz=unwiredltd....@afmug.com] On Behalf >> Of Matt via Af >> Sent: Thursday, September 25, 2014 10:27 AM >> To: af@afmug.com >> Subject: [AFMUG] Bash specially-crafted environment variables code >> injection attack >> >> Bash specially-crafted environment variables code injection attack >> >> >> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ >> >> >