Critical Vulnerabilities to be Aware of in Bash

Sep. 25, 2014 by Mark Bainter

[UPDATE 9/26: This morning, Red Hat released a thorough technical write-up of the vulnerability, including diagnostic steps, affected products and more.]

On Wednesday, 9/25, a vulnerability was discovered in the ‘bash’ shell that is present by default in the Red Hat family of Linux distributions. The ubiquitous nature of this utility, and the many aspects of the system that depend on it, mean that this vulnerability has far-reaching security implications.

While we do not distribute bash, and this vulnerability has no specific connection to our software, this is a security concern for our entire industry. Thankfully, Red Hat and CentOS have worked hard to ensure a patch was available as soon as possible. If you are running our platform on Linux systems, we strongly urge you to upgrade to the latest version of Bash immediately.

You can do this with ‘yum update bash’ on CentOS and Red Hat, and you can verify that the fix is present by checking the installed release with ‘rpm -qv bash’ against this list, based on your platform:

RHEL5: bash-4.1.2-15.el6_5.1
RHEL6: bash-4.1.2-15.el6_5.1

CentOS5: bash-3.2-33.el5.1
CentOS6: bash-4.1.2-15.el6_5.1
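
The comparison described above can be scripted. This is an added example, not part of the original post: the function names are hypothetical, the sample package strings are constructed, and GNU `sort -V` is assumed as an approximation of rpm's own version ordering. It keys on the `.el5`/`.el6` tag of the installed package and reports UNKNOWN for any platform the list above does not cover.

```shell
#!/bin/sh
# Added example: compare a bash package string (as printed by `rpm -q bash`)
# with the fixed builds listed above. Assumes GNU `sort -V`.

# Fixed build for the dist tag found in the package string (values from the list above).
fixed_build_for() {
    case "$1" in
        *.el5*) echo "bash-3.2-33.el5.1" ;;
        *.el6*) echo "bash-4.1.2-15.el6_5.1" ;;
        *) return 1 ;;   # platform not covered by the list
    esac
}

# Drop a trailing architecture suffix such as ".x86_64" so only name-version-release remains.
strip_arch() {
    case "$1" in
        *.x86_64|*.i686|*.i386|*.noarch) echo "${1%.*}" ;;
        *) echo "$1" ;;
    esac
}

# Prints PATCHED, VULNERABLE or UNKNOWN; exit status 0, 1 or 2 respectively.
check_bash_pkg() {
    pkg=$(strip_arch "$1")
    fixed=$(fixed_build_for "$pkg") || { echo UNKNOWN; return 2; }
    # The installed build is patched when the fixed build sorts first (or is equal).
    lowest=$(printf '%s\n%s\n' "$pkg" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then
        echo PATCHED
        return 0
    fi
    echo VULNERABLE
    return 1
}

# Constructed sample inputs; on a live host use: check_bash_pkg "$(rpm -q bash)"
for sample in \
    bash-4.1.2-15.el6_5.1.x86_64 \
    bash-4.1.2-15.el6_4.x86_64 \
    bash-3.2-32.el5_9.1.x86_64
do
    printf '%s: ' "$sample"
    check_bash_pkg "$sample" || true
done
```
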

If you’re not sure if you’re running Bash, or if the exploit has been patched, take the time to consult your IT director. This is a potentially serious security hole and worth a conversation to make sure your mail servers and other exposed web applications are adequately protected. We feel that the potential fallout from this hack could be rather extensive, so we wanted to help spread the word and do our part to make the Internet a safer place.

Some distribution-specific advisories can be found as follows (By way of DuoSecurity):
