Roos Instruments is aware and has been closely monitoring the developments of the Shellshock vulnerability. This flaw affects the Bash shell of Unix-based systems and does not necessarily affect the applications running on top of those operating systems. As for Roos Instruments IT Operations, we are taking the necessary steps to mitigate any risk associated with this flaw as soon as possible. Within hours of public disclosure and patch availability, Roos Instruments has updated all servers that are exposed to the public internet and verified that these systems are no longer affected.
Roos Instruments has identified Guru Enterprise Server and Guru Server installations that may be impacted by this issue. We recommend that our customers evaluate their systems for this vulnerability and to take immediate action to remediate as patches become available. If Guru Server is installed on an affected Linux operating system (OpenSuSE, xUbuntu), please follow the procedures to apply security updates. Since none of these installations are accessible to the public internet, and are protected by multiple layers of physical and network security, although the issue is urgent in both priority and severity the actual risk is very low.
Test for vulnerability, enter this terminal command: curl https://shellshocker.net/shellshock_test.sh | bash
Update commands for common Linux OS:
- Ubuntu/xUbuntu: "sudo apt-get update && sudo apt-get install bash"
- OpenSuSE: "zypper patch"
- CentOS, Redhat: "sudo yum update bash"
- Guru Enterprise Server on Xubuntu 14.04 LTS Configuration Procedures
- US-CERT and NIST provide a vulnerability summary in the National Vulnerability Database, including known vulnerable software and versions
- Shellshocker.net is a public site developed by the health IT team at Medical Informatics Engineering with tools and information.
- OpenSuSE Security Update: bash
- Ubuntu Security Notice (xUbuntu)
- Red Hat Shellshock article