On Fri, Sep 26, 2014 at 8:44 AM, cgzones <[email protected]> wrote: > And OSSEC uses bash to invoke diff for the syscheck option report_changes > (in syscheck as root). I did not investigate right now how severe this is. >
Does it use bash or /bin/sh? > On 26 Sep 2014 13:12, "Chard" <[email protected]> wrote: >> >> Hi, >> >> I'm guessing that you have all heard on the news recently about the >> security hole in Unix/Linux `Bash`. >> >> http://www.zdnet.com/unixlinux-bash-critical-security-hole-uncovered-7000034021/ >> >> I don't think that this is the case, but does OSSEC use Bash shell >> commands via web HTTP or a Common-Gateway Interface (CGI), which could leave >> it venerable to attacks? >> >> Thanks. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
