The alert on the Shellshock vulnerability in the Bash command language interpreter removed from the front page of the NCSC-FI

The alert published by the NCSC-FI on 25 September 2014 concerning the Shellshock vulnerability in the Bash command language interpreter has been removed from the front page on 10 October 2014 because the situation has stabilised. Even though the alert has been removed, it is still recommended to check that the network-connected devices using Bash are updated to the latest versions.

Known as Shellshock, the vulnerability bundle in Bash consists of six different vulnerabilities. The detection of the bundle was made rather quickly after the first vulnerability was discovered. Verified utilisation methods have also been available on the internet for the vulnerabilities in question. The NCSC-FI published a vulnerability report on the subject on 24 September 2014, an alert on 25 September 2014 and several Information security now! articles providing further information on the subject. Both the vulnerability report and the alert have been actively updated as the situation has progressed and new information has become available.

The situation is now stable and there are update patches available for the vulnerabilities. Therefore, the alert has been removed from the front page and it is no longer active. However, traffic related to utilisation attempts of the Shellshock vulnerabilities is still detected in the network to a small extent, but there are no known successful utilisation cases in Finland. For over a week after the six previously discovered vulnerabilities, new vulnerabilities have not been found.

The NCSC-FI still recommends updating all the network-connected devices using Bash to the latest versions as soon as possible if the devices have not been updated yet. Also, it is recommended to keep monitoring new vulnerabilities and patches for them.
The NCSC-FI continues monitoring utilisation methods and attempts. If necessary, the NCSC-FI informs of significant changes.

Further information:

Alert 02/2014 Shellshock vulnerability in Bash enables extensive utilisation

Update history


Key words: Information security, Cyber security, Vulnerability coordination, Information security now!


LinkedIn Print