Tag Archives: critical vulnerability
National Cyber Awareness System Alert

We recently learned about an industry-wide security vulnerability that impacts many common Linux and Unix platforms. This vulnerability, known as Shellshock, could allow an attacker to gain remote access to systems or execute malicious code remotely. Given the implications of this flaw, we wanted to alert you to this vulnerability and assure you that Enom has proactively applied the necessary security patches to all of our servers that could have been vulnerable. Our core systems remain unaffected and our team will continue to monitor the situation and apply new security patches as they are released. If you are using or selling our Linux hosting product, there has been no evidence of any exploits. We recommend that our Unix and Linux-based customers apply all available patches to their own computers before using any Bash-based tools (SSH) to remotely connect to their Linux hosting accounts.

Have questions? Here are some FAQs on Shellshock:

What is the Shellshock flaw?
It is a vulnerability in Bash, the software used to control the command shell in many flavors of Unix-based systems, which has been shown to be present in Linux and other Unix operating systems online task management. The flaw could allow an attacker to gain remote access to systems or execute malicious code remotely.

Is there any evidence my Linux hosting account has been compromised by this exploit?
If you are using or selling our Linux hosting product there is no evidence from our scans of any exploits. We have patched our systems and will continue to monitor the situation and apply new security patches as they are made available.

I use your Windows hosting product – does this impact me?
No, this vulnerability only impacts Linux and Unix-based operating systems.

Am I vulnerable?
Windows desktop users are not vulnerable. If you use Linux or a Mac as your desktop environment then you may be at risk for this exploit. If you allow SSH access from remote connections or run a local webserver then you are potentially vulnerable. We recommend that our Unix and Linux-based customers apply all available patches to their own computers before using any Bash-based tools (SSH) to remotely connect to their Linux hosting accounts.

How is this being addressed by companies that utilize Bash (e.g., Apple, Red Hat, etc.)?
The majority of the Linux distributions have released an initial patch for Bash. This is only an initial patch and we expect additional patches to be released.

Where can I get more information on Shellshock?
To get more information on Shellshock, please reference the following organizations: