Posts

Showing posts from September, 2014

Shellshock Update

The Shellshock vulnerability (CVE-2014-6271/7169) has been rated 10/10 for criticality and should therefore be addressed as soon as possible. To remedy the issue you will first need to work out which systems are affected and then apply the relevant vendor patches. Any system running Linux or a Linux-based OS could potentially be at risk, as could some versions of OS X, so keep all appliances in mind, as well as servers and workstations, when investigating your estate. Most vendors have by now issued statements on the current status of their products, so the vendor websites are always a good place to start. For more information, including how to test for the vulnerability, visit https://www.cert.gov.uk/resources/alerts/update-bash-vulnerability-aka-shellshock/
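A local check for both CVEs named above, as an added example that is not part of the original post or the CERT-UK page. The helper name `check_bash`, the marker string and the list of candidate paths are assumptions made here.

```shell
#!/bin/sh
# Added example: report whether a given bash binary shows the behaviour of
# CVE-2014-6271 or CVE-2014-7169. check_bash is a hypothetical helper name.
# The probes only echo a marker or create a file in a throwaway directory.

check_bash() {
    bash_bin=$1
    if [ ! -x "$bash_bin" ]; then
        echo "missing"
        return 0
    fi

    # CVE-2014-6271: a vulnerable bash runs the command that trails the
    # function definition while importing the variable from the environment.
    out=$(env x='() { :;}; echo SHELLSHOCK_6271' "$bash_bin" -c ':' 2>/dev/null) || true
    case $out in
        *SHELLSHOCK_6271*) echo "vulnerable-6271"; return 0 ;;
    esac

    # CVE-2014-7169: a bash carrying only the first fix mis-parses this
    # variable and writes the next command's output to a file named "echo".
    work=$(mktemp -d) || { echo "error"; return 0; }
    ( cd "$work" && env X='() { (a)=>\' "$bash_bin" -c 'echo date' ) >/dev/null 2>&1 || true
    if [ -e "$work/echo" ]; then
        result="vulnerable-7169"
    else
        result="patched"
    fi
    rm -rf "$work"
    echo "$result"
}

# Report on bash at the usual locations (assumed paths) and the one on PATH.
for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash)"; do
    [ -n "$candidate" ] && [ -x "$candidate" ] || continue
    printf '%s\t%s\n' "$candidate" "$(check_bash "$candidate")"
done
```

Appliances that do not offer a shell login cannot be checked this way and still need the vendor's statement.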

ShellShock - Fortinet's Response

Fortinet's Response to Shellshock vulnerability.

What is Shellshock?

Shellshock is a vulnerability discovered in the ubiquitous GNU Bourne Again Shell (Bash) program which can allow an attacker to remotely execute arbitrary code on a target system. Bash is commonly used in many Linux, Unix and Mac OS X operating systems. It also likely impacts Apple's iOS mobile operating system and Google's AndroidOS.

Who is affected?

While Bash is a local shell, it is used in many programs on the Internet to set environment variables which are then used in the execution of other programs.

How does it work?

Programs often use environment variables in their operations. If specially crafted extra code is added inside an environment variable, the operating system will execute that code. For example:

Should I be worried?

If you are the owner or maintainer of a server or other Internet infrastructure, you should patch your machines as quickly as possible. The nature of this exploit