News / Shellshock – Recent urgent vulnerability
Urgent Vulnerability – Shellshock.
From time to time there is an urgent vulnerability identified that may impact our clients and is widely reported in the press. Some of this reporting can be fairly enthusiastic, and some customers have commented that they would appreciate a more professional view. So we have prepared the following positioning statement and suggested some specific actions. This might not be as much fun as melodramatic blind panic but could result in a vulnerable system being fixed.
What is it?
A vulnerability has been discovered in the widely used Linux/Unix BASH shell. Patches are already appearing from major vendors. The vulnerability is deemed High Impact and easy to exploit, examples are readily available on the internet. However, the conditions that need to be in place mean that most corporates will not be directly vulnerable from the internet. And internal threat is a possibility.
What do we recommend
Customers are advised to apply the relevant patches from their Linux/Unix vendors. Also appliance vendors that use Linux as their core should be contacted.
Note: most will not be vulnerable from outside but do check with a scan. I am afraid there is not a quick way to do this as the scripts can be in a lot of places.
Click on the following providers if you need more detailed information: Checkpoint, Cisco, Symantec.
What is ACSN doing
If you are a customer and would like us to do a quick and free vulnerability scan to see if you are externally vulnerable, please let us know, we will be happy to assist you.
If you require further advice, please contact us at +44 (0)845 519 2946 and one of our consultants will be in touch with you.