Krescendo not impacted by the Shellshock bug

On September 24th 2014 the Shellshock bug was reported with severity 10/10 in the National Vulnerability Database (NVD). This bug exposed vulnerabilities in the Linux bash library.

Upon reading the announcements, Krescendo carried out immediate verifications on its infrastructure.

Krescendo can confirm that its client services were not affected.

This is because Krescendo’s client facing services do not provide external exposure to the libraries that were identified as vulnerable (a list of the products affected may be found in this article).

Useful references:
https://access.redhat.com/articles/1200223
https://rhn.redhat.com/errata/RHSA-2014-1293.html
https://rhn.redhat.com/errata/RHSA-2014-1306.html
https://www.redhat.com/security/data/cve/CVE-2014-6271.html
https://www.redhat.com/security/data/cve/CVE-2014-7169.html
https://access.redhat.com/security/updates/classification/#critical
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271