INTERACT FORUM

More => Old Versions => JRiver Media Center 20 for Mac => Topic started by: JimH on September 25, 2014, 11:04:51 am

Title: OSX Security Problem with the Bash shell
Post by: JimH on September 25, 2014, 11:04:51 am

http://www.tomsguide.com/us/shellshock-osx-linux,news-19614.html

Title: Re: OSX Security Problem with the Bash shell
Post by: glynor on September 25, 2014, 12:30:33 pm

Yeah. That's a bad one. And it has been in there forever.

Title: Re: OSX Security Problem with the Bash shell
Post by: glynor on September 26, 2014, 12:37:35 pm

Further info on this:

If you are a normal desktop OSX user, you are almost certainly unaffected by this problem (for remote exploits anyway, which is the bad issue).  Tests have now been done and, unlike Linux, OSX's DHCP client is not vulnerable.

To be impacted, you'd have had to have enabled Apache and vanilla CGI (not a default configuration even if you enable the web server), or have SSH enabled with something like ForceCommand enabled (restricted shell access for certain users).

There may be some other advanced configurations that could be impacted, but not by default, and basically nothing you can "turn on" through the GUI.