Percussion CMS is not vulnerable to this new remote exploit, but servers running Unix derivatives might be. Learn how to protect your system from an attack.

Will Bash Vulnerability "Shellshock" Affect Percussion Customers?

Thu Sep 25, 2014

You may have heard about a remote exploit vulnerability that affects computers and devices running derivatives of UNIX (which includes OS X and most builds of Linux) that implement a Bash shell—known to some as a Command Line or Terminal.

The exploit enables a server accessed remotely to be fully controlled via a simple script, bypassing all security

Is Percussion Vulnerable to Shellshock?

Percussion CMS can be installed on servers that run Linux and other Unix-derived server operating systems, but is not inherently susceptible to this type of attack, which targets the operating system itself rather than applications running on it.

The Rapid7 blog has a great post on what types of devices are most vulnerable.

How Can You Protect Yourself?

While any Unix-derived operating systems running Bash shell are susceptible to this exploit, customers should move rapidly to insure in particular that any Internet-facing servers are immediately patched against this vulnerability.

Responding quickly to this potential risk by deploying the appropriate patches will ensure that servers are protected against being exploited.

Each customer should check with their internal IT team better understand whether their server environments are at risk, and how to prevent an attack.

 

Dan Flanigan
Vice President of Products | Percussion Software

Dan is a product management specialist with over 15 years of experience building new enterprise products and launching them successfully to market. He has extensive customer and sales facing experience, outlining product solutions that have been successful for customers from 300 to 300,000 employees. Well over 3 million users are using products he has launched. In his spare time, Dan spends his disposable income on Apple products and dreams of seeing his name in TechCrunch.

comments powered by Disqus