Return
-
Title
Do any Unix-based Identity Management products introduce the "Shellshock" vulnerability? -
Description
The discovery of the "ShellShock" vulnerability in Bash for Linux and Unix-based operating systems has the potential to put machines at risk that use this particular shell.
Do any of the Identity Management products that are Unix-based introduce this vulnerability?
-
Resolution
None of the products listed below introduce the "Shellshock" vulnerability. Only the Privilege Manager for Unix product includes shells with its installation and that does not include Bash as one of them. Authentication Services Privilege Manager for Unix Privilege Manager for Sudo Single Sign on for Java Virtual Directory Server -
Additional Information
Privilege Manager for Unix bundles a shell called pmsh that is based on 'dash. "Debian Almquist shell" This has been tested to ensure it does not contain the shellshock vulnerability.