Douglas Ray wrote: > those of you who haven't been up into the small hours looking at the > bash shellshock bug: > > summarized here: > http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/ > which gives the following useful test > env X="() { :;} ; echo busted" `which bash` -c "echo completed" > and claims the bug exists from version 1.13 .. 4.3.
Just out of curiosity, I thought would try out the above test; on the CLI interface on my Netcomm NB64W ADSL2+ router; (standard issue iPrimus ). Thought there was a reasonable chance it used BASH; I can TELNET 192.168.1.1 to a login prompt ; but the u/n ADMIN password doesn't seem to be the same as that for the WEB interface; anyone have any suggestions for a default p/w; or is iPrimus likely to have just locked the CLI down with no access possible ? As mentioned nothing urgent; but responses appreciated ! regards Rohan McLeod _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
