by krunkosaurus
4288 days ago
Isn't this all just armchair prophesying? Let's see some screenshots of actual exploits from anyone. It's hard to gain access to someone's shell unless it's 1990 and a server is using CGI-BIN. People are retweeting that this is "WORSE THAN HEARTBLEED!!!!111!" but Heartbleed literally left practically every server susceptible. I ran sample exploit code against a number of test hosts and saw MySQL queries and passwords streaming in plain text. Yeah, Shellshock is a big deal but I've yet to see the ground rumble and shake and Y2K x 10000 happen. This seems like a big deal but it actually isn't. Most likely no one can access your shell. Patch and move on.
http://blog.phusion.nl/2014/09/25/security-advisory-phusion-...
What about the rest of your servers? I can't claim to know that none of mine don't call system() somewhere deep in them.