It’s been over one month since Bash notified the IT community about the “Shellshock” vulnerability and sent Linux, Unix and Mac OS X system operators into a panic trying to patch their servers. As we explained in a post after the initial discovery, several Novell products were affected by this security issue (see below).
As a quick refresher, the vulnerability—officially called CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, and CVE-2014-6278—exploits the Bash shell, a command language interpreter that receives, processes and runs application commands. Hackers can use this vulnerability to exploit the way a computer’s processes operate.
Now that some time has passed, you might be wondering if your Novell products are free from the threat of Shellshock. The short answer is no; Shellshock remains a very real threat, and if left unmonitored it could still wreak havoc on your network. In fact, the National Vulnerability Database rated the bug 10 out of 10 for exploitability and impact. Furthermore, SC Magazine named Shellshock the November Cyber Threat of the Month—a stark reminder that this is a situation that needs to be continuously monitored in order to provide ongoing protection.
Here at Novell, we are committed to helping you keep your servers safe. The most important thing that you can do to keep your endpoint management and other Novell products secure is to make sure that you applied the following software patches that we initially recommended:
Currently, there are no new patches that you need. Once you apply the patches, your system should be safe. But be sure to check back often as we are continuously monitoring the situation and will provide necessary alerts should they arise.