Snap "ShellShock" Bash Bug Security Advisory

Posted by Ketan Padegaonkar

26 September 2014

CVE-2014-6271, commonly known as the ShellShock bug in GNU Bash, was announced a few days ago. The fix for it was incomplete, and a new vulnerability, CVE-2014-7169, was identified.

Using this vulnerability, an attacker may execute arbitrary code on an affected server. While this code may not run with root privileges, it may provide a significant vector for further exploitation of a system.

The various ecosystem partners that Snap integrates with or automates (Amazon AWS, Heroku, GitHub and others) have taken steps to contain the impact of the vulnerability. The Snap team has also taken the following steps to ensure that your data and our servers are secure.

Actions taken on our servers

We have no reason to believe that any unauthorized access was made or that any data was compromised. We have also patched all servers with the latest version of Bash to ensure that our servers and the services running on them are not vulnerable.

We believe we have taken all necessary precautions to get Snap secure for now. If you have any further questions or concerns, please do not hesitate to get in touch with us. We would love to help out in any way we can.

Stay safe!

