Bash ShellShock vulnerability (2014)

Document created by pete_mccoy1.3055586893899446E12 (Employee) on Sep 29, 2014. Last modified by mike_aronson on Mar 20, 2017. Version 4.
Bash ShellShock vulnerability - What has Dell-Boomi done to mitigate risks?

Dell-Boomi became aware of the “ShellShock” Bash Code Injection Vulnerability (CVE-2014-6271) late on Wednesday, September 24th, 2014. We began updating the version of bash on our production servers on Thursday morning (9/25/2014). We needed to reach out to our hosting provider, Rackspace, for some account adjustments. By Friday morning (9/26/2014), all of our production systems had been patched with a version of bash that mitigates CVE-2014-6271.

On Thursday (9/25/2014), Red Hat announced that the patch for CVE-2014-6271 was incomplete. They still recommended updating to this version while they worked on a patch for the new issue (CVE-2014-7169).

Red Hat released a patch for CVE-2014-7169 on Friday, September 26th, and as of 3:05 PM (EDT) on 9/26/2014, all production servers had been patched for both CVE-2014-6271 and CVE-2014-7169.

We are still investigating, but at the time of this update, we have not found any indication of issues caused by the “ShellShock” Bash Code Injection Vulnerability.