How we protect against the ShellShock bug

written by Christian kauhaus on 2014-09-26

A severe security issue in the bash shell dubbed ShellShock has been published on last Wednesday and has been mentioned in mainstream media. The bash version running at Flying Circus was vulnerable, but we have rolled out a security patch on Thursday. This means that our systems are reasonably safe again.

With help of the ShellShock bug, attackers can gain access to bash through remote exploits. If successful, attackers would have the same privileges as logged in users (for example via SSH) and could easily compromise applications. Since bash is virtually everywhere on UNIX/Linux systems, it is very hard to foresee possible attack vectors.

We have now deployed bash version 4.2_p48 which contains a security fix. There is currently some discussion on the net if the fix is complete or if there are still open holes left. In case that an improved fix will be made available, we are going to deploy it as soon as possible.

Update: An improved version of the security fix has been made available. We are currently rolling out that new version on our servers. In the meantime, further discussion revealed that even the improved fix may be incomplete. So we are staying tuned for a third fix to come...

Get in touch

Call us or send us an email.

fon: +49 345 219 401 0
fax: +49 345 219 401 28

Flying Circus Internet Operations GmbH
Leipziger Str. 70/71
06108 Halle (Saale)

Commercial register
AG Stendal as HRB 21169
VAT ID: DE297423633

Managing Directors:
Christian Theune, Christian Zagrodnick — 2016-2021Privacy