Shellshock (BASH Bug) Vulnerability
Cenlar FSB is fully aware of the current vulnerability surrounding the use of the Shellshock, the GNU BASH (Bourne Again Linux) utility including the initial advisory CVE-2014-6271 and the follow-up advisory CVE-2014-7169. Please note that our acknowledgement also encompasses advisories on specific BASH related exploits including CVE-2014-6277, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.
We have tested all systems that we host which are utilized to support your business and have NOT found any exposures to the identified vulnerabilities. It is important to note that Cenlar FSB does NOT use any operating systems or solutions where BASH is the default shell.
Cenlar has communicated with each of our critical systems providers and is currently evaluating their status regarding exposure to the BASH Shellshock vulnerabilities. For our providers that have responded NO vulnerability has been identified.
We will continue to assess our environment as well as solutions hosted by our third-party providers and will actively address any vulnerability that may be identified.