The US-CERT has identified Shellshock as a critical vulnerability affecting Linux/UNIX operating systems and Apple’s MAC OS X. According to the US-CERT, if exploited, this vulnerability gives attackers the ability to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.
Check Point released an IPS signature that protects customer environments. The signature enables organizations to add a layer of protection to their network during the time they need to update their systems with vendor provided patches. Please refer to the Media Alert for further details on the IPS protection.
Regardless of the current vulnerability and as a general best practice, Check Point recommends that customers only allow access to their system admin portals (Admin WebUI) via secure networks. In such scenarios, Check Point systems are not vulnerable to the announced exploit.
Most Check Point portals are not vulnerable to the Shellshock exploit. Specifically Mobile Access, Identity Awareness portal, and UserCheck portal are not vulnerable while Gaia and SecurePlatform Admin WebUI may be susceptible to environment changes caused by this exploit. At the time of writing, Check Point is not aware of any exploit on its solutions.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.