"Shellshock" Vulnerability in Bash Software Prompts FFIEC Warning
Tuesday, September 30, 2014 6:35 AM

The Federal Financial Institutions Examination Council said Friday that financial institutions should quickly address the "Shellshock" vulnerability by applying patches to their Bash software.

Bash, or Bourne-again Shell—a common software tool found in most UNIX, Linux, and Mac OS X operating systems, and which may also be installed on Windows servers—is used to execute a sequence of commands. The "Shellshock" vulnerability could allow an attacker to execute malicious code through Bash and gain control over a targeted system. The pervasive use of Bash and the potential for exploitation of this vulnerability to be automated present a material risk.

Recommended Prompt Course of Action:

  • Financial institutions and their service providers should assess the risk to their infrastructures and execute mitigation activities with appropriate urgency.
  • Financial institutions should identify all servers, systems, and appliances that use the vulnerable versions of Bash and follow appropriate patch management practices.
  • Financial institutions relying on third-party service providers should ensure those providers are aware of the vulnerability and are taking appropriate mitigation action.

 

(Source: FFIEC)