Security Advisory – “Shellshock” Vulnerability

Bango can confirm after extensive checks that no Bango systems have been affected by Shellshock (aka “The Bash bug”) or are vulnerable to this attack.

It is important that you are fully aware of Shellshock and its potential impact on you.

A critical vulnerability has been reported in the GNU Bourne Again Shell (Bash), the common command-line shell used in most Linux/UNIX operating systems and Apple’s Mac OS X.

The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system (see https://www.us-cert.gov/ncas/alerts/TA14-268A).

The current patches for CVE-2014-6271 are incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. We advise installing the existing patches and watching for updated patches that address CVE-2014-7169.

If you believe that your system may have been compromised due to this vulnerability, we recommend that you notify Bango and immediately change your Bango passwords and credentials.

Otherwise, while it remains good practice that you change your passwords regularly, there is no requirement to change the passwords to your Bango service management log-in as a result of this vulnerability.

Bango recommends that you test your own systems regularly for security flaws, and you should also be aware that “bash” use is not limited to web servers. It is also used widely in hardware and software network products. You should test for this specific vulnerability in any of your own systems that you use to connect to Bango.
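One way to run that test on a host you administer, as an added example (not Bango's code): the script checks a local bash binary for CVE-2014-6271 and CVE-2014-7169 using the widely published local probes. The function names, the `probe` variable and the `SHELLSHOCK_MARKER` string are assumptions chosen for this example.

```shell
#!/bin/sh
# Local self-check for the two CVEs named in the advisory. It only starts
# a bash binary on this machine; nothing is sent over the network.

# CVE-2014-6271: a vulnerable bash executes the command that trails a
# function definition imported from an environment variable.
check_6271() {
    out=$(env 'probe=() { :;}; echo SHELLSHOCK_MARKER' "$1" -c ':' 2>/dev/null) || true
    case $out in
        *SHELLSHOCK_MARKER*) echo vulnerable ;;
        *) echo not-vulnerable ;;
    esac
}

# CVE-2014-7169: with the incomplete patch, the parser is left in a state
# where "echo" becomes a redirection target, so a file named "echo" appears.
check_7169() {
    dir=$(mktemp -d) || return 1
    (cd "$dir" && env 'probe=() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1) || true
    if [ -e "$dir/echo" ]; then r=vulnerable; else r=not-vulnerable; fi
    rm -rf "$dir"
    echo "$r"
}

# Prints not-found, vulnerable or not-vulnerable for the given bash path
# (default: the first bash on PATH).
shellshock_status() {
    bash_path=${1:-$(command -v bash || true)}
    if [ -z "$bash_path" ] || [ ! -x "$bash_path" ]; then
        echo not-found
        return 0
    fi
    if [ "$(check_6271 "$bash_path")" = vulnerable ] ||
       [ "$(check_7169 "$bash_path")" = vulnerable ]; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

echo "bash status: $(shellshock_status "$@")"
```

Pass a path as the first argument to check a bash binary other than the first one on PATH.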
