amb-plugg at bradfords.org
Wed Oct 1 10:18:46 MDT 2014
Thus said Dan Egli on Wed, 01 Oct 2014 02:28:45 -0700:
> Interesting that they're encoding the attack in the useragent string.
That's just one vector. Basically, any process that takes untrusted user
provided data and stuffs it in an environment variable that then gets
exported/passed on to another process can be used as a vector to exploit
This could include, for example, tcpserver -h which will lookup the PTR
for IP address of the remote host connecting to it and stuff it into a
variable called TCPREMOTEHOST which is then passed on to whatever it
executes next in the chain.
So, this could creep up in ways that you may not consider possible.
TAI64 timestamp: 40000000542c2988
More information about the PLUG