GNU Bash Vulnerability

KB Home   |   GNU Bash Vulnerability

Recently, a major security vulnerability has been discovered in the software shell GNU Bash. The vulnerability known as Shellshock can allow attackers to remotely access and control systems using Bash (and programs that call Bash) as an attack vector. The bug affects many GNU/Linux users, as well as those using Bash on proprietary operating systems like OS X and Windows.

Most software vendors affected by this vulnerability have already issued patches. PaperCut itself does not bundle GNU bash, however we recommend all Bash users audit their services that may be affected. More information about these issues can be found at CVE-2014-6271 and CVE-2014-7169

Is PaperCut vulnerable?

PaperCutís development processes continually focus on security, and in saying this, we believe PaperCut is not impacted by the ShellShock vulnerability. It is possible for systems hosting PaperCut to be vulnerable but we do not believe PaperCut adds to the vulnerability.

The majority of PaperCut runs in Java code in the JVM. There are points at which PaperCut does execute other processes, but the commands invoked are hard-coded and there is no way for an external source to set environment variables before execution. This means that PaperCut is not vulnerable to this attack.


Categories: Security


Keywords: Shellshock

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on October 01, 2014, at 03:52 AM
Printable View   |   Article History   |   Edit Article