Shellshock CVE-2014-6271 Remediation
On September 24, 2014, a security vulnerability dubbed Shellshock (CVE-2014-6271) was discovered and disclosed in Bash, a software component broadly distributed with Linux- and Unix-based operating systems. Additional related vulnerabilities in Bash were found and disclosed soon thereafter.
Like most companies around the world, Recorded Future found our Linux-based servers needed immediate patching to remediate the Shellshock vulnerability. This was precautionary, as we assessed that the Recorded Future services supported by these servers were not directly vulnerable as a result of Shellshock. We completed initial remediation on September 25, and continue monitoring for additional vulnerabilities (CVE-2014-6277 for example) and related patches.
Xen CVE-2014-7188 Remediation
On October 1, 2014, a security vulnerability in Xen (CVE-2014-7188) was publicly disclosed. We completed remediation of this Xen security issue prior to public disclosure. We assessed Recorded Future services had not been disrupted through this vulnerability.
We directly informed Recorded Future customers of these actions through security advisories. If you are a Recorded Future customer and have additional questions about our remediation of these vulnerabilities, please contact us through our support center.
'취약점 정보1' 카테고리의 다른 글
| Cisco ASA 소프트웨어 다중 취약점 보안 업데이트 권고 (0) | 2014.10.10 |
|---|---|
| Apache HTTP Server 서비스 거부 취약점 주의 권고 (0) | 2014.10.10 |
| Bashed and Shellshocked: Early Reports of Exploitation in the Wild (0) | 2014.10.10 |
| BMC Track-It! contains multiple vulnerabilities (0) | 2014.10.09 |
| IBM WebSphere Application Server contains multiple vulnerabilities (0) | 2014.10.09 |