How worse is the shellshock bash bug than Heartbleed?
deatos at gmail.com
Tue Sep 30 11:04:05 PDT 2014
Or cpanels suid scripts that invoke bash? :)
On Tue, Sep 30, 2014 at 11:05 AM, Georgi Guninski <guninski at guninski.com>
> On Tue, Sep 30, 2014 at 03:59:33PM +0200, Lodewijk andré de la porte wrote:
> > On Sep 30, 2014 3:40 PM, "Georgi Guninski" <guninski at guninski.com>
> > >
> > > If I had a budget for buying sploits, I would
> > > pay much more for shockshell than for HB, might be wrong.
> > This is a really good metric. It instantly combines utility with
> > etc.
> > HB obtains you the root password, too. Maybe you have to wait for the
> > to log in, but still. It also doesn't leave a trace, which is neat.
> Is there a reference that HB _alone_ gets you the root password?
> Maybe I am dumb, but don't see way to get the root password in
> sound setup even if I can ptrace() httpd.
> > HB gets you exploits for some very serious competitors. Shellshock only
> > silly competition and, unless they're really silly, requires another
> > exploit for root.
> Probably shellshock will give you root via DHCP and
> for another root exploit you might try to shock suid stuff :)
> On the web the myriads of buggy cgi's probably can compete
> with shellshock, though it is more universal and allegedly
> works for significant amount of daemons.
> > So.. it depends! On too much. For me personally shellshock is an easier
> > exploit but heartbleed can be way more fun. Hmm... have to go with
> > heartbleed in the end. Real users often use the same password, so that'd
> > let me take open wifi users by surprise. If you'd want you can take
> > servers, even though it's a tease harder.
Phone: 1 (434) 933-2867
My Website: http://www.deatoslabs.com
My Security Blog: http://deatos.blogspot.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 2565 bytes
Desc: not available
More information about the cypherpunks