Shellshock

September 28, 2014

Shellshock

Shellshock (also known as Bashdoor) is an exploit that potentially allows attackers to run commands on vulnerable servers. The risks are still being analysed but currently the risk for our servers seems to be very low.

In order to exploit the bug the attacker needs to influence a server process that is running the Bash command shell. The most obvious way to exploit this on one of our web servers would be through the use of a Bash cgi script which, fortunately, none of our clients use.

The servers have been patched against this exploit (actually now a collection of different exploits) up to the latest identified weakness – CVE-2014-7187 and we will continue to monitor the situation and apply any further patches as and when they become available.