Shellshock Security Update

Published 02 October 2014 by Runako Godfrey

Shellshock is a vulnerability in the GNU Bash shell that enables remote attackers to gain the ability to execute remote commands on a system. There are currently a few related security advisories available about this issue:


How ProjectLocker has responded to Shellshock

Once we became aware of Shellshock, we responded by rapidly assessing our risk. At this time, we do not believe that our production systems were at significant risk due to the particular software stack we use to serve our applications. Nonetheless, we believe that the only way to be sure is to maintain current security patches, as is our standard practice.

Once patches for Bash became available, we applied them to all customer-facing servers within 24 hours, with all servers patched within 48 hours of patches becoming available. Note that in some cases, we patched systems prior to patches making their way into their respective distributions.

We'll continue to update our systems in response to further developments.

What You Should Do

If your organization runs machines that have Bash installed (this includes most Linux/Unix machines, including Macs), you should ensure that those systems are updated immediately. Shellshock is a potentially serious security bug, and you should patch your systems to address it

The good folks at have assembled a set of details about the vulnerability, as well as test scripts to determine whether your systems are exposde. Additionally, they have instructions for patching (or rebuilding) Bash to protect your systems.


Infrastructure Cost Worksheet

Topics: Security

Subscribe to ProjectLocker's Blog

Follow Us

Get Updates by Email

Follow @ProjectLockerHQ on Twitter

Follow Us

Free Checklist: How to Choose Source Control for your Project