Delphix Products

 View Only

Shellshock Bug (CVE-2014-6271 and CVE-2014-7169)

  Thread closed by the administrator, not accepting new replies.
  • 1.  Shellshock Bug (CVE-2014-6271 and CVE-2014-7169)

    Posted 09-26-2014 08:33:00 PM
    No replies, thread closed.
    Delphix has evaluated the Delphix Engine to determine the impact of the ‘Shellshock’ bug (cf. CVE-2014-6271 and CVE-2014-7169) announced on September 23. Delphix confirms that the Delphix Engine is not vulnerable to this bug, as we do not allow user login to the Delphix Engine and the Delphix Engine does not allow untrusted data to be passed to Bash via environment variables. Because the Delphix Engine is not susceptible to this bug, no remediation needs to occur. The version of Bash on the Delphix Engine will be upgraded in the next release.