ShellShock vulnerability

A new software bug known as the “Bash Bug” or “Shellshock,” has been identified which allows attackers to gain control over targeted computers. The bug is present in a piece of computer software called Bash – that is typically found on computers running an operating system called Linux or Unix, of which there are many variations. Generally this operating system is used to power server computers, such as the ones that many of the world’s websites run on. Also impacted are all Apple Mac computers that run Apple’s operating system, OS X. Computers running Microsoft Windows are not impacted by this vulnerability directly, but could be at risk if web servers are compromised.

Prior to the exposure of this vulnerability, myhrtoolkit already had a high level of security as access to our server, via FTP and SSH protocols was locked down and limited by IP address. There is a theoretical risk that servers could be exploited simply by sending malformed requests to the server. However upon testing our servers were shown to be not vulnerable to this due to our previous hardening.

In response to ShellShock, our Linux provider, Red Hat have released a fully patched version of bash (the software that had the issue). This has been installed on all of our servers and tested as per Red Hat’s instructions at https://access.redhat.com/articles/1200223.

As such, the servers running myhrtoolkit remain secure.