"I am concerned about the Shellshock bug. Does it affect the Micro Focus products I have installed?"
One important thing to keep in mind is that the Shellshock (or GNU Bash Bug) affects the operating system, more specifically UNIX/Linux Operating Systems and devices running the *nix OS's. The bug is related to how the bash shell processes environment variables passed by the operating system, and can be exploited by attackers.
It does not have any direct implications for the Micro Focus product set. None of the Micro Focus internal systems and customer data are at risk from this vulnerability.
To check your *nix system to see if it is vulnerable, do this in a command shell (Bash shell):
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If this is returned:
vulnerable
this is a test
Your system is vulnerable.
This will be returned on a system that is not affected or vulnerable:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Patches have been issued by many of the major Linux distribution vendors for the affected versions. Micro Focus does advise that the patch be applied if you are running Bash on your operating system environments.
#EnterpriseDeveloper
#MFDS
#bashLinuxUnixShellshock
