
    Security Update - “Shellshock” - Security Vulnerability Update

    Subject: “Shellshock” - Security vulnerability update

    Overview

    Ex Libris has been made aware of a recently discovered serious vulnerability called “Shellshock”.
    All Unix/Linux systems that use the Bash shell (a popular command-line shell) are vulnerable to the “Shellshock” exploit. This vulnerability allows remote attackers to issue commands, start/stop processes or install code.

    The vulnerability is covered by two NIST advisories in the National Vulnerability Database, CVE-2014-6271 and CVE-2014-7169, where more information is available.

    In addition, a more detailed analysis of the vulnerability is available from Red Hat - https://securityblog.redhat.com/2014...jection-attack.
    Patches to fix this vulnerability have been released by major Linux/Unix vendors for affected versions.

    Affected systems: 

    All Ex Libris systems/products running on Unix/Linux.

    What are we doing at Ex Libris to address this?
    1. Ex Libris cloud and development teams are currently testing the available patches with all Ex Libris products. This is a high priority and we expect to complete the tests shortly.
    2. The Ex Libris cloud team initiated scans across the Ex Libris cloud network to look for vulnerable systems.  
    3. The Ex Libris cloud team is actively monitoring network traffic to identify attacks and is blocking them.
    Next Steps for Ex Libris and Ex Libris’ customers:
    1. As soon as Ex Libris finishes the testing and certification process for the available patches, we will issue notifications and patch instructions for all Ex Libris products.   
    2. Once the patches are certified, Ex Libris will recommend that all customers running Ex Libris products on-premise/locally on Linux/Unix systems install the patch.
    3. Ex Libris will patch all the systems running in the Ex Libris cloud to prevent the exploit on our cloud systems.
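
Once a vendor patch is installed, an administrator can confirm locally that Bash no longer runs a command appended to an imported function definition. The script below is an added example, not Ex Libris code or patch instructions; the function name `check_shellshock`, the marker string and the return codes are assumptions of this example, and it probes only the CVE-2014-6271 behaviour.

```shell
#!/bin/sh
# Added example: local behavioural check for CVE-2014-6271 in a Bash binary.
# It does not cover CVE-2014-7169; a fully patched vendor package fixes both.
# Function name, marker string and return codes are assumptions of this example.

# check_shellshock [PATH_TO_BASH]
#   prints: patched | vulnerable | error
#   returns: 0      | 1          | 2
check_shellshock() {
    cs_shell="${1:-$(command -v bash 2>/dev/null)}"
    cs_marker="SHELLSHOCK_CHECK_MARKER"

    # No usable binary to test: report an error instead of a false "patched".
    if [ -z "$cs_shell" ] || [ ! -x "$cs_shell" ]; then
        echo "error"
        return 2
    fi

    # Start the shell with an environment variable whose value looks like a
    # function definition followed by one extra, harmless echo command.
    # A fixed Bash treats the value as plain data and only runs the -c command.
    # An unfixed Bash runs the trailing echo while importing its environment,
    # so the marker shows up in the output before "probe-ran".
    cs_out=$(env "x=() { :;}; echo $cs_marker" \
                 "$cs_shell" -c 'echo probe-ran' 2>/dev/null)

    case "$cs_out" in
        *"$cs_marker"*) echo "vulnerable"; return 1 ;;
        *probe-ran*)    echo "patched";    return 0 ;;
        *)              echo "error";      return 2 ;;   # shell did not run at all
    esac
}

# Usage from a script or an interactive shell:
#   check_shellshock            # tests the first bash found on PATH
#   check_shellshock /bin/bash  # tests a specific binary
```

Run it against every Bash binary on the host, since a system can carry more than one copy.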