Shellshock - Bash Bug
-
Friday, 26th September, 2014
-
21:17pm
The United States Computer Emergency Readiness Team issued a Security Alert on Wednesday September 24, 2014 regarding the Shellshock bug.
http://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-VulnerabilityShell Shock is a vulnerabilty in the Bourne-Again Shell or Bash software used in most Linux and Mac OS X software. Bash is command shell software that facilitates the ability to execute commands on Unix/Linux/Mac OS x systems. It is also used by these operating systems to run various types of software.
Unlike the Heartbleed Bug which allowed a malicious user the ability to view sensitive information on a server in the hopes of finding something valuable, the Shell Shock bug allows an attacker to take control of the server.
Since the initial announcement of the Shellshock bug, AlpineWeb has been working diligently behind the scenes to impliment the patches necessary to secure our Web Hosting Platforms.
The initial patch released and implimented was a partial fix. A second patch was subsequently released and which is currently being applied. Alpine Web Hosting platforms have been patched as follows:
Alpine Hosting Patched
Signature Patched
Zimbra Patched
VPS V1/V2 Removal of Bash service will occur later today
VPS v3 Will be patched today (9/26/2014)
VPS Linux Will be patched today (9/26/2014)
Advanced Linux Core Patched
Advanced Linux Cpanel Patched
More Information on the Shellshock bug can be found here:
http://krebsonsecurity.com/2014/09/shellshock-bug-spells-trouble-for-web-security/
Customers with questions and or concerns should contact thier Account Manager or submit a ticket to service@alpineweb.com
Webmaster
AlpineWeb Design
http://www.AlpineWeb.com/
