A new vulnerability has been found that potentially affects versions of the Linux and Unix operating systems, in addition to Mac OS X, which is based around Unix. It is known as the Shellshock or Bash Bug.
Are systems from Bosch vulnerable to Shellshock?
The majority of Bosch systems are not impacted by Shellshock. Many Bosch products do not use Linux or Unix as an operating system. For products that do utilize Linux, Bosch uses Busybox with the Ash or Almquist shell, which is not vulnerable to Shellshock.
For Access Easy Controller (AEC), Bosch will soon release v22.214.171.124 v2, which will address this vulnerability.
What is Shellshock or Bash Bug?
Shellshock or Bash Bug vulnerabilities affect Bash, a component known as a shell that appears in versions of Linux and Unix. Bash is used to execute command lines and command scripts. It can be used to run commands passed to it by applications, and it is this feature that is affected by the vulnerability.
What does Shellshock or Bash Bug do?
Attackers could cause vulnerable versions of Bash to execute arbitrary commands and allow the attacker to steal data from a compromised system, gain unauthorized access to a system and potentially provide the attacker with access to other computers on the affected network.
*Including the brands Bosch, Electro-Voice, RTS, and Telex.