Jim Popovitch jimpop at gmail.com
Wed Sep 24 22:27:03 UTC 2014

On Wed, Sep 24, 2014 at 6:17 PM, Brandon Whaley <redkrieg at gmail.com> wrote:
> The scope of the issue isn't limited to SSH, that's just a popular
> example people are using.  Any program calling bash could potentially
> be vulnerable.

Agreed.  My point was that bash is not all that popular on
debian/ubuntu for accounts that would be running public facing
services that would be processing user defined input (www-data,
cgi-bin, list, irc, lp, mail, etc).  Sure some non-privileged user
could host their own cgi script on >:1024, but that's not really a
critical "stop the presses!!" upgrade issue, imho.

-Jim P.

More information about the NANOG mailing list