Thursday, November 6, 2014

Security Update: Shellshock or Bash Bug vulnerability does not affect the majority of Bosch Security Systems products*

A new vulnerability has been found that potentially affects versions of the Linux and Unix operating systems, in addition to Mac OS X, which is based around Unix. It is known as the Shellshock or Bash Bug.

Are systems from Bosch vulnerable to Shellshock?
The majority of Bosch systems are not impacted by Shellshock. Many Bosch products do not use Linux or Unix as an operating system. For products that do utilize Linux, Bosch uses Busybox with the Ash or Almquist shell, which is not vulnerable to Shellshock.

For Access Easy Controller (AEC), Bosch will soon release v2.1.9.0 v2, which will address this vulnerability.  

What is Shellshock or Bash Bug?
Shellshock or Bash Bug vulnerabilities affect Bash, a component known as a shell that appears in versions of Linux and Unix. Bash is used to execute command lines and command scripts. It can be used to run commands passed to it by applications, and it is this feature that is affected by the vulnerability.

What does Shellshock or Bash Bug do?
Attackers could cause vulnerable versions of Bash to execute arbitrary commands and allow the attacker to steal data from a compromised system, gain unauthorized access to a system and potentially provide the attacker with access to other computers on the affected network.

*Including the brands Bosch, Electro-Voice, RTS, and Telex.

1 comment:

ShawnM said...

Thank you for the article.
Every new solution faces challenges sooner or later and this is exactly that case. I remember when we needed to use virtual data room service that as it was known couldn't guarantee real data protection. Many things have changed since that time and now we collaborate with Ideals Solutions that provide all necessary secure activity including vdr secure file sharing.