"Shellshock" Vulnerability in Bash Software Prompts FFIEC Warning
Tuesday, September 30, 2014 6:35 AM

The Federal Financial Institutions Examination Council said Friday that financial institutions should quickly address the "Shellshock" vulnerability by applying patches to their Bash software.

Bash, or Bourne-again Shell, is a common software tool found in most UNIX, Linux, and Mac OS X operating systems, and it may also be installed on Windows servers. It is used to execute a sequence of commands. The "Shellshock" vulnerability could allow an attacker to execute malicious code through Bash and gain control over a targeted system. The pervasive use of Bash and the potential for exploitation of this vulnerability to be automated present a material risk.

Recommended Prompt Course of Action:

  • Financial institutions and their service providers should assess the risk to their infrastructures and execute mitigation activities with appropriate urgency.
  • Financial institutions should identify all servers, systems, and appliances that use the vulnerable versions of Bash and follow appropriate patch management practices.
  • Financial institutions relying on third-party service providers should ensure those providers are aware of the vulnerability and are taking appropriate mitigation action.

(Source: FFIEC)