How worse is the shellshock bash bug than Heartbleed?

Georgi Guninski guninski at guninski.com
Tue Sep 30 08:05:24 PDT 2014


On Tue, Sep 30, 2014 at 03:59:33PM +0200, Lodewijk andré de la porte wrote:
> On Sep 30, 2014 3:40 PM, "Georgi Guninski" <guninski at guninski.com> wrote:
> >
> > If I had a budget for buying sploits, I would
> > pay much more for shockshell than for HB, might be wrong.
> 
> This is a really good metric. It instantly combines utility with potential
> etc.
> 
> HB obtains you the root password, too. Maybe you have to wait for the admin
> to log in, but still. It also doesn't leave a trace, which is neat.
> 

Is there a reference that HB _alone_ gets you the root password?
Maybe I am dumb, but I don't see a way to get the root password in
a sound setup even if I can ptrace() httpd.


> HB gets you exploits for some very serious competitors. Shellshock only for
> silly competition and, unless they're really silly, requires another
> exploit for root.
> 

Probably shellshock will give you root via DHCP and
for another root exploit you might try to shock suid stuff :)

On the web the myriads of buggy cgi's probably can compete
with shellshock, though it is more universal and allegedly
works for a significant amount of daemons.


> So.. it depends! On too much. For me personally shellshock is an easier
> exploit but heartbleed can be way more fun. Hmm... have to go with
> heartbleed in the end. Real users often use the same password, so that'd
> let me take open wifi users by surprise. If you'd want you can take
> servers, even though it's a tease harder.


