Filter by Category

What GoAnywhere customers should know about Shellshock

On September 24th, vulnerability CVE-2014-6271 and CVE-2014-7169, also known as Shellshock or the Bash bug, was found in the widely-used Unix Bash shell. The vulnerability allows Bash to execute commands from environment variables unintentionally.

GoAnywhere Director, GoAnywhere Services, and GoAnywhere Gateway run on a JVM which is invoked from within a Bash shell.  While GoAnywhere is not directly affected by this bug, the GoAnywhere startup process utilizes the common JAVA_HOME and JRE_HOME environment variables during the initialization of the JVM.  It is thus possible that a compromised environment variable on a vulnerable Linux and Unix system could cause the startup and shutdown process of GoAnywhere to unintentionally execute other commands and programs.

Linoma Software [now HelpSystems] recommends that our customers who deploy GoAnywhere to Linux and UNIX servers be aware of this security bug and apply the appropriate patches as they become available from your operating system vendor.

 

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


What is FTPS?

December 4, 2018

Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. How does it work, you…


Need an Alternative to AMRDEC SAFE’s File Service? Start Here

November 29, 2018

AMRDEC SAFE Shut Down Due to Security Issues Bad news for the U.S. army: AMRDEC SAFE, the Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange service that…


How 3 Financial Institutions Solve File Transfer Needs with MFT Software

November 26, 2018

On a scale of 1-10, how would you rate the efficiency of your file transfers right now? If you use manual scripts, legacy software, or a myriad of free tools to balance your encryption, automation,…


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…