Trends Shellshock: What MailChannels customers need to know By Ken Simpson | 2 minute read Yesterday, security researchers disclosed a critical vulnerability in the “bash” program that ships with virtually every Unix and Linux system. This vulnerability enables – in some cases – remote execution of arbitrary programs via the command line, allowing an attacker to gain sensitive information such as password hashes from a target machine. MailChannels Software is Not Affected The Shellshock vulnerability is only remotely exploitable via online systems that use the bash scripting language. Web services that are programmed using the Common Gateway Interface (CGI) – and where the CGI scripts are written in bash – are vulnerable to Shellshock. MailChannels does not use CGI, and furthermore our software does not use bash except for locally executed commands. These commands are not vulnerable to remote exploitation because they cannot be run remotely by an attacker. Best Practices Even though MailChannels software is not by its design vulnerable to Shellshock, we highly recommend to all our customers that they immediately patch their systems to fix this critical vulnerability in bash. Other software unrelated to ours may be exploited because of Shellshock, and you need to ensure you are secure against attack. The major Linux distributions have all set up pages to help you with Shellshock. Please use one of the links below to get started now: Ubuntu Linux – http://www.ubuntu.com/usn/usn-2362-1/ RedHat Linux – https://access.redhat.com/articles/1200223