×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
On Thu, 2014-09-25 at 20:33 +0000, Sue Baker wrote:
If you have added BASH to your IBM i in PASE, please check the
NIST CVE database for information about a newly discovered
vulnerability and then check with your source for BASH to obtain
a fix if necessary.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
I may be wrong, but... from what I can tell on what I've read so far, to
use the exploit you need access to bash, so if a cracker can't get to
bash then they can't use the exploit.
Now there might be applications that use bash that are web facing, so
some exploit of the application would be needed to be able to exploit
the bash exploit.
So, unless I'm reading it all wrong (a distinct possibility!), a user
would have needed to gain access to bash to use the bash exploit... If
they have got as far as bash I would have thought a way of exploiting it
would be the least of your worries?
Jon
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
