CustomTech Blog: "Shellshock" - bash security vulnerability

Quick Contact

Tuesday, 30 September 2014

"Shellshock" - bash security vulnerability

"Shellshock" is a serious security vulnerability in the bash shell that is found in almost every UNIX and UNIX like system including Linux, Mac OS X and BSD.

"Shellshock" is really a shorthand, media friendly, term for what is more formally defined in the "Common Vulnerabilities and Exposures" list by the IDs: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187.

As many of the worlds web servers, cloud applications, mail servers, WIFI routers, firewalls, web filters, etc, etc are based on Linux and other UNIX derived technologies and probably use the "bash shell" to provide a "command line" interface for administrators and to run scripts and other software via web pages this presents a major security headache.


Don't panic! Software patches are available for the most exposed critical systems already. Remember that patching is half the story, disabling uncontrolled Internet access to vulnerable systems is the other half.


If you need help to work through the issues please don't hesitate to make contact with the CustomTech support team http://www.customtech.com.au/support.html and watch this blog for specific information on products we support.