Vendors’ response to Shellshock bug

Bash ShellShock Bug

The Shellshock vulnerability in Bash (a command line shell) hit the news last week and has the potential to be far more serious than the Heartbleed bug discovered earlier in the year. The Shellshock bug appears to mostly effect Macs, Linux, Unix, and websites based on Apache, although some network hardware may be effected.

There is a very good technical article that Troy Hunt has published which explains the vulnerability in some depth. You can view it here, as well as many other websites which are covering the story so I won’t go into detail, just type Shellshock into your favourite search engine.

Instead below is a list of the major vendors which we and customers use and links to any articles they have regarding Shellshock and their products.

Watchguard and Draytek have confirmed they have no effected products. Microsoft is also uneffected.

Keep checking back as I will update this as more detials from vendors become available.

If you know of any other Vendor statements regarding the ShellShock bug please add a comment below, and I will incorporate it into the post.

Dell
http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2014/09/25/shellshock-bash-bug-vulnerability-alert

http://www.dell.com/learn/us/en/04/campaigns/shellshock-remediation

Dell Sonicwall
https://software.sonicwall.com/ServiceBulletin/Dell_SonicWALL_GNU_Bash_Shellshock.pdf

Draytek
http://www.draytek.co.uk/support/guides/shellshock-security-exploit

Watchguard
http://watchguardsecuritycenter.com/2014/09/25/bash-or-shellshock-vulnerability/

Synology
https://www.synology.com/en-global/support/security/bash_shellshock

VMware
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740

Egnyte
https://helpdesk.egnyte.com/hc/en-us/articles/203037714-Egnyte-unaffected-by-bash-vulnerability-Shellshock-

Sophos
http://nakedsecurity.sophos.com/2014/09/25/bash-shellshock-vulnerability-what-you-need-to-know/

http://www.sophos.com/en-us/support/knowledgebase/121444.aspx

Apple
http://support.apple.com/kb/HT6495

http://support.apple.com/kb/DL1769      (for Mavericks)

http://support.apple.com/kb/DL1768      (for Mountain Lion)

http://support.apple.com/kb/DL1767      (for Lion)

http://www.macworld.com/article/2687826/apple-says-most-mac-users-are-safe-from-shellshock-bash-bug-promises-quick-fix.html

Netgear
http://kb.netgear.com/app/answers/detail/a_id/25703

HP
http://h17007.www1.hp.com/docs/networking/alert/GNU-BASH_Security-Advisory.pdf

Avaya
https://support.avaya.com/helpcenter/getGenericDetails?detailId=C2014926131554370002