|Matt Mossholder on 26 Sep 2014 08:53:23 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security|
DHCP clients don't choose servers. They send a broadcast and accept
whatever replies they get. Of course, only a host on the local subnet
can respond to a broadcast.
So, if somebody can get onto the same subnet as your webserver, and
its DHCP client is vulnerable (implementation-specific), then it could
potentially be compromised.
Again, it is more of a risk for things like laptops that frequent
foreign networks. I suspect systemd-networkd is immune since it tends
to avoid using bash for anything, but I am not certain on that. They
were just bragging about how their DHCP process executes in
milliseconds, and I can't imagine that they're using dhclient/etc to
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug