Not so long ago, [email protected] wrote: > On Fri, Sep 26, 2014 at 11:59 AM, Doug Hughes <[email protected]> wrote: > > > If the CGI in question is bash, this by itself is sufficient to get it to > > execute code that it otherwise should not have. > > > Or if the CGI is executed by a mechanism which involves /bin/sh, *and* > /bin/sh is bash. In this case, the language the CGI itself is written in is > irrelevant.
Not just Bash: The versions of zsh I have available are all vulnerable as well as Korn Shell on NetBSD (can't remember if that's the real thing or a clone) -- Joe Morris Atlanta history blog [email protected] http://atlhistory.com _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
