Essent Customers Safe from “Bash Shellshock Bug”

Problem

A critical vulnerability known as the Shellshock bug exists in Bash — the GNU Bourne Again Shell operating environment shell used in multiple versions and variants of Unix, Linux, and Mac OS X. Microsoft Windows and other operating systems not based on Unix or using Bash are not affected.

Essent Service Impact Analysis

Essent was aware of this problem from its announcement and immediately took action to verify none of our offerings or Facility Management Support (FMS) service subscribers were vulnerable.

Essent software products and services do not use Bash. All business and commerce products including Compass, SiteBuilder, PunchOutNow, Direct2Decoration, and OrderTrax are not affected. The Essent Commerce Cloud™, and by extension its users, does not use Bash in public production systems and is not directly affected by this vulnerability. Essent security products, like The Netset™ Network Security Appliance, that do use a Unix variant do not run Bash and are not vulnerable to the Shellshock bug.

Details

This vulnerability, which has been assigned CVE identifiers CVE-2014-6271 and CVE-2014-7169, states the bug "allows remote attackers to write to files or possibly have unknown other impact via a crafted environment.” In short, it allows external agents to gain access to an affected system and perform nefarious activities including installing malicious software.

Share This:
FacebookRedditSlashdotDZoneNetvouzTwitThisLinkedInDiigo