Shellshock at deLink


In 1985 the UNIX shell bash, developed by Brian Fox, replaced the commonly used Bourne shell at most systems. Since then it had a security leak, which could be used to attack systems and get extensive control. This leak was not discovered until last week. The first information about this leak – named shellshock – reached deLink at the 24.09.2014. Due to the nature of the issue every LINUX system at deLink was concerned – Debian as well as CentOS or SUSE.

Already the next morning we had patched all critical systems.

Immediately after more severe leaks were discovered in bash, so that all servers had to be patched again. Sunday, the 28.09.2014, the second row of patches had been applied and tested at all critical systems, hosting servers, managed servers and mail servers at deLink. All customers managing their own servers had been informed and given a guide how to secure their servers.

Careful investigation of all servers showed no trace that the leaks had been used for attacks.