Critical Vulnerabilities to be Aware of in Bash

Mark Bainter
Sep. 25, 2014 by Mark Bainter

[UPDATE 9/26: This morning, Red Hat released a thorough technical write-up of the vulnerability, including diagnostic steps, affected products and more.]

On Wednesday, 9/25, a vulnerability was discovered in the ‘bash’ shell that is present by default in the Red Hat family of Linux distributions. The ubiquitous nature of this utility, and the many aspects of the system that depend on it, mean that this vulnerability has far-reaching security implications.

While we do not distribute bash, and this vulnerability has no specific connection to our software, this is a security concern for our entire industry. Thankfully, Red Hat and CentOS have worked hard to ensure a patch was available as soon as possible. If you are running our platform on Linux systems, we strongly urge you to upgrade to the latest version of Bash immediately.

You can do this very simply with ‘yum update bash’ on CentOS and Red Hat, and you can verify that the fix is present by checking the release version reported by “rpm -qv bash” against this list, based on your platform:

RHEL5: bash-4.1.2-15.el6_5.1
RHEL6: bash-4.1.2-15.el6_5.1

CentOS5: bash-3.2-33.el5.1
CentOS6: bash-4.1.2-15.el6_5.1
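
One way to script the check above so it can be run across many hosts, as an added example that is not from the original post. It assumes only the CentOS rows of the list; `fixed_build`, `vr_compare` and `bash_is_patched` are hypothetical helper names, and the comparison is a simplified form of RPM's ordering (no epoch or tilde handling).

```shell
#!/bin/sh
# Added example, not from the original post.
# Fixed builds copied from the CentOS rows of the list above.
fixed_build() {
    case "$1" in
        CentOS5) echo "3.2-33.el5.1" ;;
        CentOS6) echo "4.1.2-15.el6_5.1" ;;
        *) return 1 ;;
    esac
}

# Print -1, 0 or 1 for two "VERSION-RELEASE" strings using RPM-style ordering:
# split into runs of digits or letters, compare digit runs as numbers, a digit
# run outranks a letter run, and the side with segments left over is newer.
vr_compare() {
    awk -v inst="$1" -v fix="$2" '
    function seg(s) {
        if (match(s, /^[0-9]+/) || match(s, /^[A-Za-z]+/)) return substr(s, 1, RLENGTH)
        return ""
    }
    function cmp(a, b,    x, y) {
        while (1) {
            sub(/^[^0-9A-Za-z]+/, "", a); sub(/^[^0-9A-Za-z]+/, "", b)
            if (a == "" || b == "") return (a != "") - (b != "")
            x = seg(a); y = seg(b)
            a = substr(a, length(x) + 1); b = substr(b, length(y) + 1)
            if (x ~ /^[0-9]/ && y ~ /^[0-9]/) {
                if (x + 0 != y + 0) return (x + 0 > y + 0) ? 1 : -1
            } else if (x ~ /^[0-9]/) return 1
            else if (y ~ /^[0-9]/) return -1
            else if (x != y) return (x > y) ? 1 : -1
        }
    }
    BEGIN {
        i = index(inst, "-"); j = index(fix, "-")
        c = cmp(substr(inst, 1, i - 1), substr(fix, 1, j - 1))        # VERSION first
        if (c == 0) c = cmp(substr(inst, i + 1), substr(fix, j + 1))  # then RELEASE
        print c
    }'
}

# Exit status: 0 = at or above the fixed build, 1 = older, 2 = unknown platform.
bash_is_patched() {
    fixed=$(fixed_build "$1") || { echo "unknown platform: $1" >&2; return 2; }
    [ "$(vr_compare "$2" "$fixed")" -ge 0 ]
}

# On a host: bash_is_patched CentOS6 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' bash)"
```

A plain string comparison would rank a release such as `el6_10.1` below `el6_5.1`; comparing digit runs as numbers avoids that false "unpatched" result.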

If you’re not sure if you’re running Bash, or if the exploit has been patched, take the time to consult your IT director. This is a potentially serious security hole and worth a conversation to make sure your mail servers and other exposed web applications are adequately protected. We feel that the potential fallout from this hack could be rather extensive, so we wanted to help spread the word and do our part to make the Internet a safer place.

Some distribution-specific advisories can be found as follows (by way of Duo Security):

While we’re on the topic of email security, check out our ebook on How DMARC is Saving Email today.
