Created on Thursday, 25 September 2014 13:2825 September 2014
A few hours ago, it has been discovered a new global web server vulnerability in the Bash shell. Its scale is as serious as the famous ‘Heartbleed’ one found recently on OpenSSL. Bash is one of the most widely used utilities in any UNIX-based system, making this vulnerability especially critical.
The vulnerability has been named 'Shellshock' and it allows an attacker to create system variables which may contain malicious code which would be executed whenever Bash is invoked.
The vulnerability has been detected on most web server platforms – from most Linux & UNIX distributions to Apple’s Mac OS X, and threatens a large number of web applications, including CMSs like WordPress and Joomla.
However, there is no reason for you to panic about it because our admins have already updated the current Bash version on all servers that are part of our hosting network, thanks to the great response of the Open Source community who made available a fix within hours of the discovery of this flaw!