Shellshock – am I vulnerable?
If I have a VPS and just connect to it using SSH, am I vulnerable?
Or am I vulnerable through my home router? I have no idea about the firmware on it. Is it possible that Shellshock might have an effect on it?
In short, what sort of use cases should I worry about? I have not seen anybody explaining possible attack vectors for this thing yet... Does anybody have an idea?

SSH is calling a shell. If it is bash and the vulnerability test is positive http://fedoramagazine.org/shellshock-how-does-it-actually-wo... then your VPS is vulnerable and you had better patch it. To other posters: this vulnerability is so trivial (it creates a function in an environment variable), not some kind of sophisticated buffer overflow etc., that I wonder if this was once a bash feature. Any comments?

It's likely that your home router is behind NAT, so unless you're using DynDNS or a static IP address to make it reachable from the Net, you're probably safe there. Supposing that there's no UPnP enabled, no government trojans on it, and no script kiddies on your subnet.
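
A local self-check along the lines of the vulnerability test the first reply refers to, as an added example that is not part of the original thread: it passes a crafted environment variable to a child bash and reports whether text placed after the function body was executed on import. The marker string and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the shells on this machine for the Shellshock
# function-import bug. MARKER and all function names are constructed here.
MARKER="SHELLSHOCK_PROBE_MARKER"

# Classify probe output. If the marker placed after the function body was
# printed, bash ran trailing text while importing the variable.
classify_probe_output() {
    case "$1" in
        *"$MARKER"*)    echo "vulnerable" ;;
        *"probe-done"*) echo "not-vulnerable" ;;  # patched builds may also print warnings
        *)              echo "inconclusive" ;;
    esac
}

# Run the probe against one bash binary (default: first bash in PATH).
probe_bash() {
    bash_bin="${1:-bash}"
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "no-bash"
        return 0
    fi
    out=$(env x="() { :;}; echo $MARKER" "$bash_bin" -c 'echo probe-done' 2>&1) || true
    classify_probe_output "$out"
}

# True if the given shell is really bash (e.g. /bin/sh linked to bash).
is_bash() {
    v=$("$1" -c 'echo "${BASH_VERSION:-}"' 2>/dev/null) || v=""
    [ -n "$v" ]
}

# Check /bin/sh (used when programs shell out) and the login shell (used by SSH).
report() {
    for sh_path in /bin/sh "${SHELL:-/bin/sh}"; do
        if is_bash "$sh_path"; then
            echo "$sh_path: bash, $(probe_bash "$sh_path")"
        else
            echo "$sh_path: not bash"
        fi
    done
}

report
```

A result of `vulnerable` for either path means that shell needs the distribution's bash update; `not bash` means that particular entry point does not go through bash at all.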