On 9/26/2014 3:36 PM, Valeri Galtsev wrote:
> On Fri, September 26, 2014 5:13 pm, John R Pierce wrote:
>> On 9/26/2014 2:51 PM, Always Learning wrote:
>>> Probably all Windoze
>>
>> linux apache web servers with the bash exploit are getting owned en
>> masse today. my (patched) internet web server has logged 100s and
>> 100s of attempts like...
>>
>> 66.186.2.172 - - [26/Sep/2014:00:49:29 -0700] "GET /cgi-bin/test.sh
>
> I feel really stupid, but I have to ask. If your server wasn't patched, it
> only would have been owned by the above if that file exists, is executable by
> apache and it indeed invokes bash (say, has #!/bin/bash or whatever bash
> location is as first line), right?

no. mod_cgi launches /bin/sh and passes it the command, even if the file doesn't exist. and /bin/sh is linked to bash



--
john r pierce                                      37N 122W
somewhere on the middle of the left coast

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
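
A log check for the kind of attempts described in the message above, as an added example that is not part of the original thread: it counts, per source address, access-log requests whose request line, Referer or User-Agent contains a bash function definition `() {`. The log lines are constructed samples in Apache combined format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'(?:[^"\\]|\\.)*'   # quoted field; Apache logs embedded quotes as \"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    rf'"(?P<request>{QUOTED})" (?P<status>\d{{3}}) \S+'
    rf'(?: "(?P<referer>{QUOTED})" "(?P<agent>{QUOTED})")?'
)
# A bash function definition inside a client-supplied value: "() {"
FUNCDEF_RE = re.compile(r'\(\)\s*\{')

# Constructed sample lines (documentation addresses, harmless payload text).
SAMPLE_LOG = r'''192.0.2.10 - - [26/Sep/2014:00:49:29 -0700] "GET /cgi-bin/test.sh HTTP/1.0" 404 209 "-" "() { :; }; echo constructed-sample"
192.0.2.10 - - [26/Sep/2014:00:49:31 -0700] "GET /cgi-bin/status HTTP/1.0" 404 211 "() { :; }; echo constructed-sample" "-"
198.51.100.7 - - [26/Sep/2014:01:02:03 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Sep/2014:01:05:00 -0700] "GET /cgi-bin/test.sh HTTP/1.1" 200 17 "-" "() {:;}; echo constructed-sample"
not a log line
'''

def find_attempts(lines):
    """Yield (host, time, status, field) for each entry carrying the marker."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log entry
        for field in ("request", "referer", "agent"):
            value = m.group(field)
            if value and FUNCDEF_RE.search(value):
                yield m.group("host"), m.group("time"), int(m.group("status")), field
                break  # count each request once

def summarize(lines):
    """Return (attempts per source host, attempts that were answered 2xx)."""
    hits = list(find_attempts(lines))
    per_host = Counter(host for host, _, _, _ in hits)
    # Requests answered 2xx were served rather than rejected; review those first.
    served = [hit for hit in hits if 200 <= hit[2] < 300]
    return per_host, served

if __name__ == "__main__":
    per_host, served = summarize(SAMPLE_LOG.splitlines())
    for host, count in per_host.most_common():
        print(f"{host}\t{count} attempt(s)")
    for host, when, status, field in served:
        print(f"served: {host} at {when} status {status} (marker in {field})")
```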
