Bash or Shellshock Bug

Media releases over the last week concerning an internet threat titled “Bash Bug” or the “Shellshock Bash Bug” have been occurring almost daily as new variants continue to emerge.  This particular vulnerability follows in the footsteps of the Heartbleed Bug, which occurred earlier this spring, but with the possibility of having a larger scope.  The Shellshock Bash Bug is a zero-day vulnerability that has the potential to affect many devices typically running Linux and Unix operating systems including servers, routers, portable devices, and Mac/Apple computers running Mac OS. 

As the industry continues to develop and release patches to remediate this vulnerability, the Office of Information Security and Privacy (OISP) and CCIT Infrastructure teams are engaged and actively evaluating and monitoring the computing environment to provide for its protection.  As patches are released by vendors, the teams are working diligently to ensure that systems are patched and updated immediately without affecting production.

OISP is monitoring to detect active exploit attempts and will alert any system administrators whose systems we believe may have been compromised. If you are accountable or responsible for any Linux-based systems not supported by CCIT, please check your own systems for this vulnerability and update them accordingly and regularly.  Security is everyone’s responsibility and CCIT reserves the right to remove any computer suspected of being infected from the network to prevent the spread of the vulnerability from the compromised system.

For many end-users, although Mac OS is considered vulnerable, this exploit is primarily a web server issue and typical desktop users are not at risk.  Only Mac OS users using advanced networking features or running local web services with CGI enabled are at any real risk.  Windows users are not considered to be at any risk with this exploit. 

If you have any questions, please contact your local computer support or visit the Office of Information Security and Privacy at www.clemson.edu/security for more information.

For Mac OS users, the following bash updates are being provided by Apple.  To find the version of your Mac, click on the "Apple" icon in the top left corner and select "About This Mac.":

OS X Mavericks v10.9.5 or later: http://support.apple.com/kb/DL1769
OS X Mountain Lion v10.8.5: http://support.apple.com/kb/DL1768
OS X Lion v10.7.5: http://support.apple.com/kb/DL1767


Thank you,

Kevin McKenzie
Chief Information Security Officer

help button

Contact CCIT
Service Desk:

Support Hours
(864) 656-3494
ITHELP@clemson.edu

Live Chat

Help & Support Form
Use this form to report a problem, ask for help or leave a comment.