Skip to main content
System StatusContact Support
VersionOne Community

Was VersionOne affected by the shellshock (bashbug) security vulnerability?

Background

US-CERT/NIST released security vulnerability CVE-2014-7169 9/24/2014. A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous, as there are many possible ways Bash can be called by an application,” a Red Hat security advisory warned.

Answer

The VersionOne application itself does not run on Unix or Linux based servers, therefore the application is not impacted.  In our hosting environment, we utilize F5 load balancers. In response from our hosting provider, Rackspace, the F5s are only vulnerable to authenticated users and rogue DHCP servers.  The Rackspace-managed F5s are only accessible by Rackspace personnel, therefore an attack vector does not currently exist for unauthenticated users. Additionally, DHCP is not configured on the load balancers, so there is no risk of a compromise regarding the CVE-2014-7169 security vulnerability

Per our internal network, the only server affected was a monitoring server.  It was vulnerable and immediately updated with the linux bash package, which has since remedied the vulnerability. 

  • Was this article helpful?