loading

關於Shellshock 漏洞


最近Linux like 包含 BS,Mac OS X,甚至是 android 的作業系統都因爲共同用到bash這個歷史悠久的shell程式http://www.gnu.org/software/bash/ 而紛紛被喊出重大危險警告,難道是Linux界的香豬油事件 ?

有用戶問到PowerMail會不會也在這一波的名單中? 答案是必然的,報導上雖然說目前全球過半的伺服器都是用Linux系統,但我們猜應該是遠高於過半,幾乎所有的頻寬管理器,防火牆,甚至是簡單的IP分享器 也都大多是Linux血統,這些設備的風險也非常高。

但是由於 PowerMail是簡化的 Linux 系統,我們採用的 bash 是使用 busybox 這個壓縮的指令集 , 目前尚無明確指出有相關的問題 , 不過PowerMail內部也的確有bash,但我們並沒有開放 shell / telnet 或 ssh 服務,在 web 上也沒有使用 sh 來執行 CGI 網頁,所以我們認爲相對危險性已經非常低。

技術發布

8 Comments

  • I believe you have mentioned some very interesting details, thanks for the post. Aveline Anders Slemmer

  • What a material of un-ambiguity and preserveness of precious know-how regarding unpredicted feelings. Maddy Baillie Shanda

  • This is my first time visit at here and i am in fact pleassant to read everthing at alone place. Christabella Harland Belsky

  • The condition of the person seeking nursing care is the key element in your choice of a long-term care center. Cloe Tully Galanti

  • If you wish for to get a good deal from this post then you have to apply these methods to your won weblog. Karyn Lennie Virgilio

  • Every weekend i used to visit this website, because i want enjoyment, as this this website conations really nice funny stuff too. Vilma Ellis Merce

  • Way cool! Some very valid points! I appreciate you writing this post plus the rest of the website is really good. Kylila Levi Wightman

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。