Security Advisory Bash Code Injection Vulnerabilities (CVE-2014-7169/CVE-2014-6271)

Background

Red Hat released two security advisories regarding the Bash Code Injection Vulnerabilities (a.k.a. “Shellshock”):

https://access.redhat.com/security/cve/CVE-2014-6271
https://access.redhat.com/security/cve/CVE-2014-7169

Impact

This is a critical vulnerability in the GNU bash shell, which is used by many UNIX/Linux operating systems. The flaw could allow an attacker to remotely execute shell commands by placing malicious code in environment variables used by the operating system. The majority of Restorepoint appliances may be affected.

Remediation

A patch for Restorepoint v4.5 is already available; please ensure that you update your appliance immediately, and that you are running at least v4.5 build 20140926:103212.

If your appliance is running Restorepoint v4.4 or earlier, please contact our Technical Support Team.

Heartbleed Bug Official Statement

The recently discovered Heartbleed bug (CVE-2014-0160) is a serious vulnerability in the popular OpenSSL cryptographic software library. This security flaw allows the theft of information normally protected by SSL/TLS.

Restorepoint does not use the offending implementation of OpenSSL in any of its appliances or servers. As a result, Restorepoint appliances and servers are not and were not at any time vulnerable to the Heartbleed bug.