Effects on our products by the vulnerability of GNU bash
In GNU bash, vulnerability in environment variable processing was confirmed.
Any code may be executed from the outside with this vulnerability.
Our products may be attacked with this vulnerability.
This vulnerability is the OS-level vulnerability.
Customers who use Linux distribution and UNIX distribution using GNU bash should immediately perform the following measures.
1. Apply GNU bash patch.
2. Change GNU bash to an alternative shell.
Example) csh, zsh
For the method of applying the appropriate patch for this vulnerability, see each distributor’s information.
For information on GNU bash versions affected by this vulnerability, see JPCERT’s alert.
・Alert for GNU bash’s vulnerability: https://www.jpcert.or.jp/at/2014/at140037.html (Japanese)
Related links
[JPCERT] Alert for GNU bash’s vulnerability: https://www.jpcert.or.jp/at/2014/at140037.html (Japanese)
[CVE] CVE-2014-6271 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 (English)
[CVE] CVE-2014-7169 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 (English)
-- Target ------------------------------------------------------------------------
iWP/Web System Construction Platform/WebPlatform/AppFramework
--------------------------------------------------------------------------------
FAQID:715