On Thu, 25 Sep 2014 16:47:29 -0700, Charles Mills wrote: >While we're being OT here, can anyone explain this to me in practical terms? > >Sally has a basic everyday Mac running unpatched OS X. It is connected to the >Internet for Web browsing and e-mail, but she does not operate a Web server. >Let's for argument's sake assume no firewall. Is Sally vulnerable to this? > >I am guessing that if she is vulnerable it is because someone can telnet to >her machine, > Not unless she enables telnet in System Preferences. I don't even know if that's an option. ssh is. I rarely turn it on.
>run the Bash shell, and trick OS X into executing arbitrary commands in some >sort of su-type mode? Yes? No? > >If she's not vulnerable, what sort of *IX machine is? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN