[All_jlab_accounts] JLab Cyber Security Notice: Shellshock vulnerability

[Kandice Carter]

Sent on behalf of the JLab Cyber Security Team 
As you may have heard in the news, a rather dangerous vulnerability has been discovered that impacts Unix-based operating systems, such as Linux and Mac OS X. Windows is not affected by this vulnerability. The vulnerability is known as Shellshock, and it exploits the BASH shell to allow for the remote execution of commands. Exploits are currently being used to target and compromise servers (including web servers) accessible from the Internet. 


A patch for Red Hat Linux has been released, and Jefferson Lab has installed it on its servers and the systems the laboratory manages. Unfortunately, other Unix systems, such as Mac OS X, do not have patches available at this time. If you have a Mac OS X system or other Unix-based system, please monitor your operating system's vendor patching notices and install the update as soon as possible. 

More information can be found on the vulnerability at: 

http://www.pcworld.com/article/2687857/bigger-than-heartbleed-shellshock-flaw-leaves-os-x-linux-more-open-to-attack.html 

http://www.wired.com/2014/09/hackers-already-using-shellshock-bug-create-botnets-ddos-attacks/ 

If you have any questions or concerns regarding this vulnerability, contact the JLab Cyber Security team at security at jlab.org or the IT Division Helpdesk at helpdesk at jlab.org or x7155. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.jlab.org/pipermail/all_jlab_accounts/attachments/20140926/16b045be/attachment.html