On Thu, Sep 25, 2014 at 6:29 PM, Edward Ned Harvey (lopser) < [email protected]> wrote:
> My opinion: The only way to exploit the bug is to *first* run some > malicious code that would tweak your environment such that the bug is then > being exploited. I haven't looked to see if Apple's "Web Sharing" involves any CGI scripts. If it does, then Web Sharing is vulnerable. At least Apple doesn't use a DHCP client that passes random server-provided DHCP options to a configuration program in the environment. -- brandon s allbery kf8nh sine nomine associates [email protected] [email protected] unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
