Shell Shock; your 1A-server was swiftly secure again

The Linux world is again startled by a vulnerability in commonly used software of this operating system. The 1A-server makes use of this software as well. Because we manage the software on the 1A-server ourselves, we were able to provide the solution to this vulnerability on all 1A-servers the same day with our scalable update mechanism.

Shellshock bash bugIn April this year the Heartbleed bug came to light. The new threat is called GNU Bash Shellshock (CVE-2014-6271), which was found to have been present in the software Bash for years. This software is meant to enable the execution of commands on a Linux system, and is present on most both servers and workstations, including Mac OS X.

Shortly after the vulnerability was discovered and the solution was found, a variety of related problems to came light because of the intense scrutiny on the design of the underlying code (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 en CVE-2014-7187). Again we were able to provide the latest safeguards on all 1A-servers in the field soon after the developers came up with a solution.

The open source approach we also use has again proven itself: discovering and quickly resolving the vulnerability was possible because the source code is freely and openly available. For the related problems, this was also the case. With proprietary software, we would have been dependent on a single supplier, and the servers would have been vulnerable much longer.

More information about the Shellshock bug »

Test servers yourself »


Richard de Vroede

A perfectionistic Jack-of-all-trades who dedicates all of his passion to his work.