Dear all,

The critical vulnerability was found out on “bash” shell. This “bash” is installed in Linux, MacOSX, Windows (with only Linux emulator, such as Cygwin) and so on. By this vulnerability, any commands are carried out by the attacker.

Kyoto University alerted the issue (Only Japanese),

• [京都大学の情報 [学内限定]] 【追加情報】UNIXベースOSの基幹ソフトウェア「GNU bash」に重大な脆弱性

If you manage the Linux or MacOSX server using “bash”, please update it immediately!!

And if you use Linux, MacOSX, or Windows with Linux emulator, please update “bash” program.

Especially, in case of MacOSX (including the PC), please download and install the bash update in the following url.

• MacOS 10.9 “OS X bash Update 1.0 – OS X Mavericks“
• MacOS 10.8 “OS X bash Update 1.0 – OS X Mountain“
• MacOS 10.7 “OS X bash Update 1.0 – OS X Lion“

 

Related Information

• Bourne-Again Shell (Bash) Remote Code Execution Vulnerability (US-CERT)
• Everything you need to know about the Shellshock Bash bug (troyhunt.com)

 

3rd October, 2014 Chief of Information Processing Office: Kitani.