Shellshock Vulnerability
There is a new high-profile security incident in the news. Identity Automation takes security very seriously and we wanted to update our customers as to the status of our research into the vulnerability in order to minimize risk to your Identity Automation Software Appliances.
In late September 2014, the Shellshock vulnerability was announced. Details can be found in various vulnerability databases on the internet. One such CVE report can be found here:
https://https://www.us-cert.gov/ncas/alerts/TA14-268A
The nature of this vulnerability requires a process to have the ability to write to environment variables on the appliances. We don't believe that we have vulnerable services or processes at this time; however, we are continuing to research the issues and information as they are released.
If you would like to have our support team update the BASH instances on your appliances or discuss this vulnerability, please contact us at support@idauto.net.