Shellshock resolution - is patching alone enough?
I was researching a mess that a user left on a box and searching for (deleted) files with lsof (I'm sure many of you know what I am talking about ;-)
Anyhow.. I discovered the following in my output
PROCESS.s 13039 jboss txt REG 253,1 903336 1180605 /bin/bash (deleted)
Which I believe is due to the fact that the process was started, then bash was updated (replaced) leaving that orphaned file and remaining resident in memory.
Does anyone know if the comprimise vector only applies to when a new bash process is spawned? Or is it also an issue with the parents?
Thoughts?