Content deleted Content added
updating cites |
Citation bot (talk | contribs) Add: website. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | Category:Injection exploits | #UCB_Category 1/23 |
||
Line 52:
: When using Bash to process email messages (e.g. through .forward or qmail-alias piping), the [[qmail]] mail server passes external input through in a way that can exploit a vulnerable version of Bash.<ref>{{cite mailing list |title=qmail is a vector for CVE-2014-6271 (bash shellshock) |date=27 September 2014 |author=Kyle George |mailing-list=qmail |url=https://lists.archive.carbon60.com/qmail/users/138578}}</ref><ref name="ITN-20140929"/>
; IBM HMC restricted shell
: The bug can be exploited to gain access to Bash from the [[restricted shell]] of the [[IBM Hardware Management Console]],<ref>{{cite web |url=https://www.ibm.com/developerworks/community/blogs/brian/resource/BLOGS_UPLOADED_IMAGES/shellshock.png |title=IBM HMC is a vector for CVE-2014-6271 (bash "shellshock") |website=[[IBM]] |archive-url=https://web.archive.org/web/20200119235509/https://www.ibm.com/developerworks/community/blogs/brian/resource/BLOGS_UPLOADED_IMAGES/shellshock.png |archive-date=2020-01-19}}</ref> a tiny Linux variant for system administrators. IBM released a patch to resolve this.<ref name="ibm-hmc">{{cite web |url=https://www-304.ibm.com/support/docview.wss?uid=ssg1S1004879 | title=Security Bulletin: Vulnerabilities in Bash affect DS8000 HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) | publisher=IBM | date=3 October 2014 | access-date=2 November 2014}}</ref>
==Reported vulnerabilities==
| |||