Devon IT Statement on Shellshock

We are aware of the Shellshock vulnerability issue and have researched the common attack surfaces that this can open.

On our Echo management platform, we have established that while this CVE impacts every known version, it is only accessible if the attacker can gain remote SSH access to the virtual appliance as a superuser. A normal user will not be able to escalate privileges to damage the system. For mitigation, we suggest that customers disable remote SSH access to the underlying appliance. By default, it is disabled, so this only impacts customers who have previously explicitly enabled it. After an audit of our remotely accessible services, we have not been able to show the attack being effective. While there is no immediate danger, the version of Bash used in Echo was updated to account for this fix.

On our Devon Terminal Operating System (DeTOS), we use a special sandbox, so if the attack were issued on a local machine, it would only impact the sandbox session and would not be persistent. Currently, the attack has not shown the ability to escalate privileges to compromise the underlying OS. All privileged scripts run with the “dash” shell, so they are not impacted by this attack.

Please contact Devon IT Support with any further questions.

As this issue develops and evolves, Devon IT will continue to release updates.
