cimplBlog_banner.png

Cimpl Blog

Your Weekly Insights on How to Manage your Enterprise Digital Footprint.

Dear Customers: Cimpl is not vulnerable to the shellshock bug

Posted by Henry Cheang | September 25, 2014 5:00 PM

The Shellshock Bug is in ALL the news today...

There is a lot of news about the so-called Shellshock bug that’s hitting the media today. BBC News, CTV News, and CBC News, among many others have been alerting its readers about this latest vulnerability. However, before we get to that, let me emphatically state something:

ETELESOLV IS NOT VULNERABLE TO THE SHELLSHOCK BUG, AND YOUR VALUABLE DATA THAT YOU’VE ENTRUSTED TO US IS SAFE FROM THIS EXPLOIT.

Etelesolv is not vulnerable to the Shellshock Bug!

 

What is the Shellshock bug?

Now that we’ve gotten that critical statement out of the way, it’s time we do what we do best – provide clarity and transparency on crucial data!

To summarize, the Shellshock vulnerability, or more formally, the “GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271, CVE-2014-7169)” is a critical vulnerability that impacts the following operating systems/shells:

  • GNU Bash through 4.3.
  • Linux, BSD, and UNIX distributions including but not limited to:
    • CentOS 5 through 7
    • Debian
    • Mac OS X
    • Red Hat Enterprise Linux 4 through 7
    • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS

Among the reasons for which the Shellshock bug is making such a big media splash is because the US Department of Homeland Security issued an alert on the bug. Other reasons include the fact that:

  • Hackers using this exploit can take complete control of vulnerable machines
  • This bug’s impact has been classified as “high” by industry standards (i.e., the risk that it poses is high!)
  • Literally hundreds of millions of machines are at risk!

Currently, patches have been released to plug the vulnerability, but the patches do not necessarily fix the entire problem! Basically, if you’re using the above-listed systems (or network vectors from the vendors on this list), go to their respective websites/communities to see what patches or workarounds have been created! And be sure to check regularly for updates!

Why Cimpl is safe from the Shellshock bug!

Vincent Parisien, Vice-President of Technology for Cimpl, supplies the answer: “Cimpl’s products are built on Microsoft platforms, and hence not impacted by this exploit. More to the point, we’re constantly applying vendor security patches and verifying our products and security features to ensure that our products are thoroughly safeguarded. We deeply cherish our customers’ faith in us, and we do everything we can to continuously uphold that trust!”

A few quick final words

Cimpl is Canada’s leader in IT and telecom expense management. We attained this position because we build the finest software products and because we’re constantly on the lookout for the latest developments, both in terms of forward-looking technology AND in terms of ways of warding off threats! Contact us to find out more!

Kaizen eBook - A Guide to IT & Telecom Management

 

Related articles:

 

 

Topics: Security, Tips, Customers

Written by Henry Cheang

Henry has a lifelong passion for science and technology. This enthusiasm is put to good use in a cutting-edge software company like Cimpl. As product marketer, Henry researches market and user needs to develop user and buyer personas, contributes to product design, and helps coordinate product messaging. Henry also writes nearly the entirety of all documentation for Cimpl’s many successful platforms. In his spare time, Henry devotes much energy to family, friends, and martial arts. Henry recently completed his Master’s in Business and Administration from Concordia University, where he specialized in the study of marketing, organizational behavior, and corporate governance. He has authored academic papers on the latter two subjects; these papers form part of his bibliography of over 20 professional research publications.

Follow Us!

MonthlyExecutiveReportWebinar2
Self-Assessement_Checklist
Customer Stories: Access now!

Subscribe to our Blog