"Shellshock" Vulnerability in Bash Software Prompts FFIEC Warning
Tuesday, September 30, 2014 6:35 AM

The Federal Financial Institutions Examination Council said Friday that financial institutions should quickly address the "Shellshock" vulnerability by applying patches to their Bash software.

Bash, or Bourne-again Shell, is a common software tool used to execute a sequence of commands. It is found in most UNIX, Linux, and Mac OS X operating systems and may also be installed on Windows servers. The "Shellshock" vulnerability could allow an attacker to execute malicious code through Bash and gain control over a targeted system. The pervasive use of Bash and the potential for this vulnerability to be automated present a material risk.

Recommended Prompt Course of Action:

  • Financial institutions and their service providers should assess the risk to their infrastructures and execute mitigation activities with appropriate urgency.
  • Financial institutions should identify all servers, systems, and appliances that use the vulnerable versions of Bash and follow appropriate patch management practices.
  • Financial institutions relying on third-party service providers should ensure those providers are aware of the vulnerability and are taking appropriate mitigation action.

 

(Source: FFIEC)