Shellshock at enLink

Hamburg, 30.09.2014


In 1985, the UNIX shell bash, developed by Brian Fox, was widely introduced as a replacement for the Bourne Shell. Since then, a security vulnerability has existed that allows attackers to gain far-reaching access to systems on which bash is installed. This vulnerability was only discovered last week! The first reports of the Shellshock vulnerability reached deLink on 24.09.2014. Given the nature of the problem, all Linux systems at deLink, whether Debian, CentOS or SUSE, were affected. The very next day, all critical systems were secured with the corresponding patches.

Immediately afterwards, further vulnerabilities in bash were published, which required all servers to be patched again. On Sunday, 28.09.2014, the second update was installed on all critical systems, hosting servers, managed servers and mail servers, and its effectiveness was tested. All customers renting self-managed servers were notified and given instructions on how to fix the problem.

A careful examination of all servers revealed no indication that the vulnerabilities in bash had been exploited.