What you need to know about the Bash “Shellshock” vulnerability

In the light of the recent Bash vulnerability known as “Shellshock” (CVE-2014-6271 and CVE-2014-7169), here’s the reality instead of the hype.

Shellshock is a newly-discovered vulnerability in Bash (the Bourne Again Shell), one of the most commonly used shells on Linux, UNIX and OS X.

Although it can be exploited in some cases, the good news is that not all implementations can be exploited, and only certain services and applications allow a hacker to exploit this issue.

See our articles and other resources on Naked Security and at sophos.com/shellshock for an explanation of the vulnerability itself.

In addition, we have examined our products and we are confident that the Shellshock vulnerability can’t be exploited in any Sophos product.

As far as we’re aware, we don’t have any servers or services that could have been exploited due to this bug. This includes our internal business systems, Sophos web servers, update servers, partner portal and support forums.

For the latest information on how this bug affects Sophos products, please refer to our knowledgebase article from Sophos Support.
