[dns-operations] ShellShock exploit through the DNS

Florian Weimer fw at deneb.enyo.de
Sat Oct 18 20:06:07 UTC 2014

* Paul Vixie:

>     #
>     Tony Finch
>     Tuesday, October 14, 2014 5:31 AM
>     A CGI script invoked by Apache httpd with HostnameLookups On
>     (the default is Off, a safer setting is Double)
> thanks, that makes sense. the security advisory posted here did not
> mention any real world examples. i agree that apache with
> HostnameLookups turned on, on redhat or apple systems where /bin/sh
> is bash, is a real world example.

There have been reports that this is a problem with the Apple system

Red Hat Enterprise Linux does not have this vector.  It uses the
regular glibc resolver, which is based on the old BIND stub resolver,
and this code has both escaping from wire format to the textual
representation (which destroys the magic pattern) and the res_hnok
check (which rejects shell meta-characters).

More information about the dns-operations mailing list