On Thu, 25 Sep 2014 13:00:16 -0700 Bob Hanson <d2mp1a9 at newsguy.com> wrote: > Critical bash vulnerability CVE-2014-6271 may affect Python on > *n*x and OSX: > > <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271> > > <http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/> > > <http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html> > > <http://www.openwall.com/lists/oss-security/2014/09/24/17> > > Also see <news:gmane.comp.security.fulldisclosure> for thread on > same being started today. Fortunately, Python's subprocess has its `shell` argument default to False. However, `os.system` invokes the shell implicitly and is therefore a possible attack vector. Regards Antoine.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4