[dns-operations] ShellShock exploit through the DNS

P Vixie paul at redbarn.org
Tue Oct 14 11:17:11 UTC 2014


This seems bogus to me.

assert(0==getnameinfo((struct sockaddr *)&sa, sizeof sa,
host, sizeof host, NULL, 0, NI_NAMEREQD));

printf("Lookup result: %s\n\n", host); 

assert(setenv("REMOTE_HOST",host,1) == 0);
execl("/bin/bash",NULL);

Who does this? Where, in the actual world, is code deployed that does what this supposed PoC does? Isn't it just a rigged demo?

Vixie
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141014/77ea584b/attachment.html>


More information about the dns-operations mailing list