CVE-2014-6271 : Remote code execution through bash
mex
nginx-forum at nginx.us
Thu Sep 25 07:27:19 UTC 2014
foo ...
http://www.openwall.com/lists/oss-security/2014/09/24/17
"Note that on Linux systems where /bin/sh is symlinked to /bin/bash,
any popen() / system() calls from within languages such as PHP would
be of concern due to the ability to control HTTP_* in the env.
/mz"
$ ls -la /bin/sh
lrwxrwxrwx 1 root root 4 Mar 1 2012 /bin/sh -> dash
phew ':)
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253532,253537#msg-253537
More information about the nginx
mailing list