

Shellshock – am I vulnerable? - vladtaltos

If I have a VPS and just connect to it using SSH - am I vulnerable?

Or am I vulnerable through my home router? I have no idea about the firmware on it. Is it possible that Shellshock might have an effect on it?

In short - what sort of use cases I should worry about? I have not seen anybody explaining possible attack vectors about this thing yet... anybody have an idea?
======
firebrand39
SSH is calling a shell. If it is bash and the vulnerability test is positive
(<http://fedoramagazine.org/shellshock-how-does-it-actually-work/>) then
your VPS is vulnerable and you better patch it.

To other posters. This vulnerability is so trivial (it creates a function in
an environment variable), not some kind of sophisticated buffer overflow etc.,
that I wonder if this was once a bash feature.

Any comments?

------
bespoke_engnr
It's likely that your home router is behind NAT, so unless you're using DynDNS
or a static IP address to make it reachable from the Net, you're probably safe
there.

Supposing that there's no UPnP enabled, no government trojans on it, and no
script kiddies on your subnet.
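
A local check of the kind firebrand39's comment refers to, as an added example that is not part of the thread: it looks up which shell a login (and so an SSH session) starts for a user, then tests whether that shell runs a command trailing a function definition in an environment variable. The function names and the marker string are this example's own.

```shell
#!/bin/sh
# Added example: read-only local check, run on the machine you administer.

# Harmless marker; seeing it in the output means the trailing command ran.
MARKER="SHELLSHOCK_CHECK_$$"

# login_shell USER [PASSWD_FILE]: print the login shell (7th field) for USER.
# Returns non-zero if the user is not listed.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# check_shell SHELL_PATH: start the shell with a variable whose value looks
# like an exported function followed by an echo. A patched bash (or any other
# shell) treats it as plain data and prints nothing.
check_shell() {
    out=$(env x="() { :;}; echo $MARKER" "$1" -c 'true' 2>/dev/null)
    case "$out" in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "not vulnerable" ;;
    esac
}

# check_user USER [PASSWD_FILE]: combine both steps for one account.
# Returns 2 if the user or the shell binary cannot be found.
check_user() {
    shell=$(login_shell "$1" "${2:-/etc/passwd}") || {
        echo "unknown user: $1"; return 2; }
    [ -x "$shell" ] || { echo "shell not executable: $shell"; return 2; }
    printf '%s: %s\n' "$shell" "$(check_shell "$shell")"
}

# Stand-alone use: ./check.sh USERNAME
if [ "$#" -gt 0 ]; then
    check_user "$1"
fi
```

Checking the login shell rather than the name `bash` matters because `/bin/sh` is a link to bash on some systems and a different shell on others.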

