[dns-operations] ShellShock exploit through the DNS

P Vixie paul at redbarn.org
Tue Oct 14 11:17:11 UTC 2014


This seems bogus to me.

    assert(0==getnameinfo((struct sockaddr *)&sa, sizeof sa,
                          host, sizeof host, NULL, 0, NI_NAMEREQD));

    printf("Lookup result: %s\n\n", host);

    assert(setenv("REMOTE_HOST",host,1) == 0);
    execl("/bin/bash",NULL);

Who does this? Where, in the actual world, is code deployed that does what this supposed PoC does? Isn't it just a rigged demo?

Vixie
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
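
Added example, not part of the original message or of the PoC it quotes: a check a program could apply to a reverse-DNS result before placing it in an environment variable such as REMOTE_HOST. The function names and the fallback to the numeric address text are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* setenv() */
#endif
#include <stdlib.h>
#include <string.h>

/* Return 1 only for RFC 952/1123 host names: dot-separated labels of 1-63
 * letters, digits or hyphens, no label starting or ending with a hyphen,
 * at most 253 bytes, no trailing dot. PTR data can hold arbitrary bytes,
 * so spaces, parentheses, braces, semicolons etc. are rejected. */
int is_ldh_hostname(const char *name)
{
    size_t len = strlen(name), label = 0;

    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;               /* empty label or label ending in '-' */
            label = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;               /* label too long */
        } else {
            return 0;                   /* byte outside the LDH set, or leading '-' */
        }
    }
    return label > 0 && name[len - 1] != '-';
}

/* Hypothetical helper: export the PTR name only if it validates, otherwise
 * export the numeric address text the caller already has. */
int export_remote_host(const char *ptr_name, const char *addr_text)
{
    const char *value = is_ldh_hostname(ptr_name) ? ptr_name : addr_text;
    return setenv("REMOTE_HOST", value, 1);
}
```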