List:       mingw-users
Subject:    Re: [Mingw-users] "Shellshock" security bug in Msys bash??
From:       Michael Gerdau <mgd () qata ! de>
Date:       2014-10-04 23:07:01
Message-ID: 1911267.Te8YknPEQL () hamiller ! site

[some info on shellshock skipped]

> it does appear that a version of bash is used for the Msys command shell.

That is correct.

> So I wonder whether anyone has investigated whether the "Shellshock" bug
> affects Msys bash, and if so, has there been any fix/update for the
> problem?

It does affect MSYS bash.

However the danger posed to your system is likely to be rather limited.
AFAICT in a local environment it is close to null - after all a program
run by you locally that is crafted to make use of this bug could much
more easily directly attack your system.

In a nutshell:
unless you expose access to that shell to the outside world (e.g. by a
webserver like apache via CGI) you are fairly unlikely to become a victim
of this bug. On the other hand IF you do just that you probably run a
high risk of becoming a victim... but then you probably should be running
a Linux server anyway :)

HTH, best wishes,
Michael
-- 
 Michael Gerdau       email: mgd@qata.de
 GPG-keys available on request or at public keyserver
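
A local check for the question raised in this message, as an added example that is not part of the original post: it tests a given bash binary for Shellshock by placing a function-style value in an environment variable and seeing whether the text after the function body runs at shell startup. The function names, the variable name `probe` and the marker string are constructed for this example; pass it the path of the MSYS bash you want to test.

```shell
#!/bin/sh
# Added example: local self-test for the Shellshock function-import flaw.
# MARKER is a constructed string; the probe does nothing except echo it.
MARKER="SHELLSHOCK_PROBE_FIRED"

# check_bash PATH -> prints vulnerable | patched | inconclusive | not-found
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "not-found"
        return 0
    fi
    # An affected bash imports a variable whose value starts with "() {" as a
    # function and also executes whatever follows the closing brace.
    out=$(env probe="() { :;}; echo $MARKER" "$bin" -c 'echo child-ran' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable" ;;
        *child-ran*) echo "patched" ;;
        *)           echo "inconclusive" ;;
    esac
}

# scan_bashes PATH... -> one "path: status" line per binary;
# returns 1 if any of them is vulnerable, 0 otherwise.
scan_bashes() {
    rc=0
    for b in "$@"; do
        st=$(check_bash "$b")
        echo "$b: $st"
        if [ "$st" = "vulnerable" ]; then
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh check.sh /path/to/bash [/another/bash ...]
if [ $# -gt 0 ]; then
    scan_bashes "$@"
fi
```

A "vulnerable" result only matters in practice when that shell receives environment values from an untrusted source, which is the CGI case described above.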
