Security Bulletin: Bash Bug Vulnerability
As the “Shellshock” vulnerability gains more attention in the media and security industry, The Winxnet Security Team wants to help you gain a better understanding of this issue and, perhaps, a little peace of mind.
Are You Impacted?
This vulnerability affects Bash, a version of a ‘shell’ command line interface that is present on almost all Unix (like Linux and MacOS) systems. Think of it as an equivalent to Microsoft’s ‘command’. While most of you do not run Linux systems, it is still important to be aware of these vulnerabilities. If you do use Linux, the server needs to be configured in such a way that the hackers can gain access to the shell. In the vast majority of cases this can happen through a web server accessible from the Internet. However, even in this case the web application needs to have code that passes information to Bash. In short, it is unlikely that you are affected by this bug. If you are a Winxnet Security client your vulnerability to this bug is significantly decreased because we already have the controls in place to monitor exploit attempts.
You may, however, be affected through your 3rd party hosted web servers. That industry tends to use Linux and is a lot more likely to be vulnerable, and that is why this vulnerability is receiving so much attention. Ask your provider to assure that your hosted application is secured.
What Should You Do?
If you are not sure if you are affected by the Bash Bug, Winxnet has the ability to scan and detect this vulnerability – so do not hesitate to contact us. As always, we will continue to apply all updates to our clients as they become available. If you have any questions about your Information Security Program, schedule a call with an expert.