[dns-operations] ShellShock exploit through the DNS

Tony Finch dot at dotat.at
Tue Oct 14 12:31:45 UTC 2014

P Vixie <paul at redbarn.org> wrote:
> Who does this? Where, in the actual world, is code deployed that does
> what this supposed PoC does?

A CGI script invoked by Apache httpd with HostnameLookups On
(the default is Off, a safer setting is Double)

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Trafalgar: Cyclonic in northwest, otherwise mainly northerly or northwesterly
5 or 6. Slight or moderate. Showers in northwest. Good.

More information about the dns-operations mailing list