The Shellshock Flaw

***Security Alert***

[Update 2 | September 30, 2014, 9:10am CST]

Apple has released an update.

[Update 1 | September 26, 2014, 11:40am CST]

Red Hat has released a full patch.

[Original Post | September 25, 2014, 1:45pm CST]

Zimbra is aware of the Shellshock vulnerability and has been closely monitoring its developments. At this time, Zimbra has found no impact on our products, nor do we anticipate any. We recommend that our customers evaluate their systems for this vulnerability and take immediate action to remediate as patches become available.

This flaw affects the Bash shell of Unix-based systems and does not necessarily affect the applications running on top of those operating systems. As for Zimbra’s IT Operations, we are taking the necessary steps to mitigate any risk associated with this flaw as soon as possible.

According to Red Hat’s Bugzilla, this is rated urgent for both priority and severity. The following is Red Hat’s description from the same Bugzilla entry:

“A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.”

Additional Information:

Please stay tuned. Zimbra will update this post as we have more information to share.
