A security vulnerability was recently announced that appears to affect a large percentage of internet connected devices. This vulnerability, known as Shellshock, is critical and could allow an attacker to perform remote code execution on hosts running a vulnerable version of Bash, a popular Unix/Linux shell. CSF International, Inc. is taking this issue seriously by taking the steps detailed below.
What we’ve done:
So far, we are not aware of any service on the CSFi Red Hat Linux Server actually exposing these problems to attackers, this is a precautionary update. It is our policy to not expose SSH or shell access publicly. Regardless, we have obtained the required patch from Red Hat, tested it and have prepared a patch implementation plan for potentially vulnerable customers that have licensed Red Hat software and maintenance through CSFi and have licensing arranged to receive the patch, by generating a web support ticket requesting the Red Hat patch for Bash.
What you should do:
Customers who licensed Red Hat software and maintenance through CSFi should contact CSFi Customer Service to schedule a date and time to install the patch on the CSFi Red Hat Linux server. This patch should not require a system restart, but this will be verified after the patch has been installed. If you are a registered web support user, you may create a support ticket for this request by sending an e-mail to firstname.lastname@example.org.