ShellShock vulnerability assessment
ShellShock vulnerability assessment
Recently, reports in the media have highlighted the ‘ShellShock’ vulnerability that affects the Bash component of Unix based operating systems.
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
https://www.cert.gov.uk/resources/alerts/update-bash-vulnerability-aka-shellshock/
Intercede have evaluated the potential problems with respect to MyID installations and are pleased to advise that we have not found any direct risks posed to MyID by ShellShock.
Bash is a component that is found on non-Windows operating systems, such as Unix, Linux and Mac OS X. The MyID server runs on Windows operating systems, so is itself unaffected by this vulnerability. MyID clients, and other Intercede developed apps running on Windows, iOS, Android or Blackberry operating systems are also unaffected.
However, it is important that customers who run MyID servers as virtual machines hosted on the affected operating systems check with their suppliers.
You should also check that additional software that might include this vulnerability, such as the Cygwin development tool, is not present on your Windows servers.
We will update this notification if the situation changes. If you require further clarification please contact [email protected].