[prev in list] [next in list] [prev in thread] [next in thread]
List: mingw-users
Subject: Re: [Mingw-users] "Shellshock" security bug in Msys bash??
From: Michael Gerdau <mgd () qata ! de>
Date: 2014-10-04 23:07:01
Message-ID: 1911267.Te8YknPEQL () hamiller ! site
[Download RAW message or body]
[some info on shellshock skipped]
> it does appear that a version of bash is used for the Msys command shell.
That is correct.
> So I wonder whether anyone has investigated whether the "Shellshock" bug
> affects Msys bash, and if so, has there been any fix/update for the
> problem?
It does affect MSYS bash.
However the danger posed to your system is likely to be rather limited.
AFAICT in a local environment it is close to null - after all a program
run by you locally that is crafted to make use of this bug could much
more easily directly attack your system.
In a nutshell:
unless you expose access to that shell to the outside world (e.g. by a
webserver like apache via CGI) you are fairly unlikely to become a victim
of this bug. On the other hand IF you do just that you probably run a
high risk to become a victim...but then you probably should be running
a linux server anyway :)
HTH, best wishes,
Michael
--
Michael Gerdau email: mgd@qata.de
GPG-keys available on request or at public keyserver
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
MinGW-users mailing list
MinGW-users@lists.sourceforge.net
This list observes the Etiquette found at
http://www.mingw.org/Mailing_Lists.
We ask that you be polite and do the same. Disregard for the list etiquette may \
cause your account to be moderated.
_______________________________________________
You may change your MinGW Account Options or unsubscribe at:
https://lists.sourceforge.net/lists/listinfo/mingw-users
Also: mailto:mingw-users-request@lists.sourceforge.net?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic