"Shellshock" Recently discovered Bash vulnerability

 |  By: Nick Lane

Last week the so called "Shellshock" vulnerability became public knowledge. This affects Bash (a command shell and scripting language) that is present in Unix derived platforms including Mac OSX.

Neither Synergist nor 4D include Bash, so our initial investigations show there are no direct vulnerabilities that need addressing within the software we provide.

The Mac OSX platform that many of our clinets use does appear to have a potential vulnerability.

Apple issued this statement on Fri 26th Sep.

"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems," it continues. "With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."

With Apple not defining what they mean by “advanced UNIX services” we would advise any clients running OSX server to keep an eye out for any security patches Apple release and apply them promptly to help ensure the security of their OSX environment is maintained.

If your Synergist server is on a Windows platform then this is unaffected by this vulnerability as Bash is not a component of the Windows OS.