Dear customer

yesterday evening (2014 Sept, 24th) a security issue on the wide-spreaded linux default shell "bash" was released under tracking id CVE-2014-6271.
This security hole allows the remote execution of code by the internet and allows to take over control of your system. Therefore it's necessary to update your system immediately.

Most linux distributors have already released an updated bash package which can be installed with your packet manager.

You can check on ssh if your system is vulnerable by using the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test

On an already patched system the output will be as follow:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

For further assistance with updating your system our technical support will be happy to assist you.

Kind regards
Your Support-Team

Thursday, September 25, 2014

« Back