How worse is the shellshock bash bug than Heartbleed?

Georgi Guninski guninski at
Tue Sep 30 06:26:03 PDT 2014

On Tue, Sep 30, 2014 at 02:24:44PM +0200, rysiek wrote:
> > Shellshock affects clients, including admins :)
> > 
> > Over DHCP you get instant root.
> > 
> > Over qmail local delivery, without any interaction
> > you get the lusers $HOME and /var/mail and having
> > in mind the state of current kernels the road
> > to euid 0 is not very long.
> > 
> > It might affect some suid progies too.
> Yeah, but that means the danger level is somewhere on the "client-side root" 
> side, rather than "server-side root".

Client side and server side are related.

Would you be comfortable to admin a server from
a rooted client? (I can offer you free shell to
ssh out of it ;).

> > AFAICT HB didn't allow code execution, just reading memory.
> "Just" potentially reading plaintext passwords straight off of RAM, SSL/TLS 
> certificates, GPG keys, etc., potentially (and demonstrably!) giving one a way 
> not only to take over the given server, but to decrypt past saved 
> communications with a given host, if the host used SSL without perfect forward 
> secrecy.
> Shellshock is more of a "personal client hygiene" kind of bug (a bad one, but 
> still); HB was "we're *all* affected and fucked, change passwords NOW and hope 
> for the best".

If I had a budget for buying sploits, I would
pay much more for shockshell than for HB, might
be wrong.

> -- 
> Pozdr
> rysiek

More information about the cypherpunks mailing list