Earlier this year we all experienced a bug in OpenSSL called Heartbleed. It seems there are never enough security issues around, and last week ShellShock appeared. ShellShock is a pair of vulnerabilities (CVE-2014-6271 and CVE-2014-7169) in bash (the GNU Bourne-Again Shell) on UNIX/Linux. Bash is a command-line shell used in many UNIX, Linux and Mac OS based operating systems. The flaw can potentially allow an attacker to execute shell commands. This can be achieved by attaching malicious code to environment variables used by the OS. To fix this, a patch needs to be applied for the specific OS. The vendor of the particular OS needs to provide the patch, and customers have to apply it.

In the case of SAP as an application running on an affected OS, the situation is as follows. As SAP has standardized its OS scripts on C Shell, there should be no issue. However, there might be customer scripts that are still bash based. Therefore, careful and thorough checks are advised.

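
One way to carry out the check on customer scripts advised above, as an added example (not SAP tooling and not part of the original post): a POSIX shell helper that inventories scripts which start bash directly, through a `/bin/sh` that is really bash, or by calling it from another shell. The function names, category labels and the `SH_IS_BASH` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: list scripts that depend on bash so they can be reviewed
# once the OS vendor's patch is in place. Usage: sh audit.sh /path/to/scripts

sh_is_bash() {
    # SH_IS_BASH may be preset to yes/no; otherwise ask the system's /bin/sh.
    if [ -z "${SH_IS_BASH:-}" ]; then
        if /bin/sh --version </dev/null 2>/dev/null | grep -q 'GNU bash'; then
            SH_IS_BASH=yes
        else
            SH_IS_BASH=no
        fi
    fi
    [ "$SH_IS_BASH" = yes ]
}

# classify_script FILE -> bash-shebang | sh-is-bash | invokes-bash | no-bash | not-a-script
classify_script() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\000')
    case $first in
        '#!'*bash*) echo bash-shebang; return ;;
        '#!'*/sh | '#!'*/sh' '* | '#!'*'env sh'*)
            # On many Linux systems /bin/sh is bash under another name.
            if sh_is_bash; then echo sh-is-bash; return; fi ;;
        '#!'*) ;;                         # csh, ksh, perl, ...: inspect the body
        *) echo not-a-script; return ;;
    esac
    # Ignore comment lines, then look for bash called as a command word.
    if grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[^[:alnum:]_-])bash([^[:alnum:]_-]|$)'; then
        echo invokes-bash
    else
        echo no-bash
    fi
}

# audit_dir DIR -> one "category<TAB>path" line per script that needs review
audit_dir() {
    find "$1" -type f | while IFS= read -r f; do
        kind=$(classify_script "$f")
        case $kind in
            bash-shebang|sh-is-bash|invokes-bash) printf '%s\t%s\n' "$kind" "$f" ;;
        esac
    done
}

if [ $# -gt 0 ]; then audit_dir "$1"; fi
```

The body match is a heuristic: every `invokes-bash` hit still needs a manual look, and scripts that reach bash through another program are not detected.
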
Anyway, SAP is still investigating what influence this vulnerability may have on its software. Therefore, keep an eye on the SAP Note below to receive up-to-date information from SAP about the issue.

More information:
2072994 - "ShellShock" vulnerability (CVE-2014-6271)