By now many of you have become familiar with a new IT systems vulnerability nicknamed "Shellshock".
With the wave of systems breaches and vulnerability exploits making the headlines during the past 9 months, it is understandable that there is concern about what the Shellshock vulnerability might mean to your IT systems. We wanted to give you our update on this latest vulnerability and what we are seeing so far.
(Updated with Citrix info 10/13)
What is it?
Shellshock impacts a Linux-based program called Bash that is incorporated into many other technologies – from network routers to websites. That does not mean that all of them are vulnerable. Vulnerability depends on how the Bash code is accessed. In certain cases, the way the Bash code is accessed creates an opening for hackers to access your systems and steal information.
If you are looking for a good "Shellshock 101" primer, this article concisely explains the Shellshock vulnerability, why most end users are not impacted directly, and how to protect your systems.
What we're doing at ALI:
Most of our vendor partners have assessed their products and posted updates in the past week to address those areas of vulnerability. We have been working with clients to assist in ensuing the appropriate patches and updates have been applied.
Those biggest areas of vulnerability we see are in the areas where you see server-based Linux code (i.e. webservers) and in some cases, certain models of infrastructure route/switch devices.
Resources to help:
Here are some of the more common vulnerability remediation information resources for our key vendors recommended by our engineers.
Citrix Bash vulnerability update center (Updated 10/13/14)
Many of you have already reached out to us and we've worked diligently to address vulnerabilities. Our staff has also been contacting clients directly.
> Contact your ALI Account Manager
> Open a case on our client portal
> Request Support by calling us at (800) 283-2648 x2