Critical Vulnerabilities to be Aware of in Bash

Sep. 25, 2014 by Mark Bainter

[UPDATE 9/26: This morning, Red Hat released a thorough technical write-up of the vulnerability, including diagnostic steps, affected products and more.]

On Wednesday, 9/25, a vulnerability was discovered in the ‘bash’ shell that is present by default in the Red Hat family of Linux distributions. Because this utility is ubiquitous and many aspects of the system depend on it, the vulnerability has far-reaching security implications.

While we do not distribute bash, and this vulnerability has no specific connection to our software, this is a security concern for our entire industry. Thankfully, Red Hat and CentOS have worked hard to ensure a patch was available as soon as possible. If you are running our platform on Linux systems, we strongly urge you to upgrade to the latest version of Bash immediately.

You can do this very simply with ‘yum update bash’ on CentOS and Red Hat, and you can verify that the fix is present by checking the release version with ‘rpm -qv bash’ against this list, based on your platform:

RHEL5: bash-4.1.2-15.el6_5.1
RHEL6: bash-4.1.2-15.el6_5.1

CentOS5: bash-3.2-33.el5.1
CentOS6: bash-4.1.2-15.el6_5.1
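
The version check described above can be scripted. The following is an added example, not code from the original post: it compares a VERSION-RELEASE string against the fixed builds listed above, keyed on the el5/el6 dist tag in the release. The function names, the `--check` switch and the use of GNU `sort -V` as a stand-in for rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example: decide whether an installed bash build is at or above the
# fixed build listed in this post for its dist tag (el5 or el6).

# Fixed builds, copied from the list above.
FIXED_EL5="3.2-33.el5.1"
FIXED_EL6="4.1.2-15.el6_5.1"

# version_ge A B: succeeds when A sorts at or after B.
# Assumption: GNU "sort -V" ordering is used in place of rpm's comparison.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# bash_fix_status VERSION-RELEASE
# Prints patched / vulnerable / unknown and returns 0 / 1 / 2.
bash_fix_status() {
    bfs_installed="$1"
    case "$bfs_installed" in
        *.el5*) bfs_fixed="$FIXED_EL5" ;;
        *.el6*) bfs_fixed="$FIXED_EL6" ;;
        *)      echo "unknown"; return 2 ;;   # dist tag not covered by the list
    esac
    if version_ge "$bfs_installed" "$bfs_fixed"; then
        echo "patched"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# On a live host: ask rpm for VERSION-RELEASE only, then classify it.
if [ "${1:-}" = "--check" ]; then
    bash_fix_status "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' bash)"
fi
```

A non-zero exit status makes the script usable from configuration management or a fleet-wide loop, where any host reporting "vulnerable" or "unknown" needs follow-up.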

If you’re not sure if you’re running Bash, or if the exploit has been patched, take the time to consult your IT director. This is a potentially serious security hole and worth a conversation to make sure your mail servers and other exposed web applications are adequately protected. We feel that the potential fallout from this hack could be rather extensive, so we wanted to help spread the word and do our part to make the Internet a safer place.

Some distribution-specific advisories can be found as follows (By way of DuoSecurity):
