Bash Vulnerability - Shellshock Exploit

 

A serious vulnerability called the “Shellshock” bug has been detected in GNU Bash, a popular command-line tool used on Unix-based computers that allows users to communicate with their operating system using text-based commands. The Shellshock bug has the potential to allow attackers to take control of an operating system, find and alter confidential information, or use the system to launch new attacks.

What is happening

Operating system vendors have responded quickly. Most have released patches to fix the vulnerability.

Specifically, systems that are impacted are:

  • Any Linux-based system (e.g. Red Hat, Ubuntu, Debian) running Bash 4.3 and below
  • Any Unix or Unix variant (e.g. Solaris, FreeBSD) running Bash 4.3 and below
  • Any appliances running Bash 4.3 and below
  • Mac OS X systems running Bash 4.3 and below

What UBC is doing

We are communicating to server owners within UBC about this issue and providing instructions on fixes. Specifically, we recommend that owners of servers that are vulnerable to the bug implement the appropriate patches. Within UBC IT, we are conducting vulnerability assessments of all enterprise servers and systems and implementing patches released by vendors.

What can I do?

System administrators should patch their systems so they are no longer vulnerable. Visit our IT Bulletins for instructions on how to check for vulnerabilities and apply the appropriate patches.

Additional technical details

For technical information regarding this vulnerability, and what to do if you identify a system that is vulnerable to this exploit, visit the Additional Technical Information and Resources page.

Further Information

For further updates on this issue, please visit our IT Bulletins.