Shellshock and Xen Remediation
By Greg Barrette on October 2, 2014
This blog post summarizes our remediation of two high-profile software vulnerabilities.
Shellshock CVE-2014-6271 Remediation
On September 24, 2014, a security vulnerability dubbed Shellshock (CVE-2014-6271) was discovered and disclosed in Bash, a software component broadly distributed with Linux- and Unix-based operating systems. Additional related vulnerabilities in Bash were found and disclosed soon thereafter.
Like most companies around the world, Recorded Future found that our Linux-based servers needed immediate patching to remediate the Shellshock vulnerability. This was precautionary, as we assessed that the Recorded Future services supported by these servers were not directly vulnerable as a result of Shellshock. We completed initial remediation on September 25, and continue monitoring for additional vulnerabilities (CVE-2014-6277, for example) and related patches.
Xen CVE-2014-7188 Remediation
On October 1, 2014, a security vulnerability in Xen (CVE-2014-7188) was publicly disclosed. We completed remediation of this Xen security issue prior to public disclosure. We assessed that Recorded Future services had not been disrupted through this vulnerability.
We directly informed Recorded Future customers of these actions through security advisories. If you are a Recorded Future customer and have additional questions about our remediation of these vulnerabilities, please contact us through our support center.