GNU Bash (“Bourne Again Shell”, /bin/bash) is reported to have security vulnerabilities nicknamed “Shellshock” (CVE-2014-6271).
The shell is installed and used on nearly all Linux, Unix and Mac OS X systems. Various attack vectors are known through which the weakness in Bash can be exploited. Among them are unauthenticated attacks against CGI scripts (web server), DHCP clients (system service) and login shells.
As with the Heartbleed vulnerability, this affects all infrastructure services.
The weakness is actively exploited. It is therefore strongly recommended to update all affected systems with patches provided by the vendor.
The increased focus on Bash may lead to further vulnerabilities being discovered in the coming days. We recommend that you monitor your systems and further developments closely.
SEEBURGER has analyzed all SEEBURGER products and infrastructure services.
SEEBURGER is not aware of any possibility for an unauthenticated attacker to control environment variables.
For any questions about your SEEBURGER environment, please contact us by opening an incident ticket. If you are not a customer and would like further information, please email us at firstname.lastname@example.org with the subject line ‘Shellshock Security Vulnerability’.
Customers can log in to our knowledge base for more information here: Service Portal