As you may have read in mainstream news media outlets, a vulnerability was recently discovered in the Bourne Again Shell (Bash) component of Unix-based operating systems. This vulnerability could allow an attacker to execute shell commands through shell environment variables. It has also been leveraged for denial of service attacks and other malicious activity.

ITS has already patched relevant local systems and is expecting vendors to patch any relevant externally-hosted systems. There is no evidence to suggest that Middlebury assets have been compromised.

More information about the vulnerability is available on the ITS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/486102/original/middlebury_threat_bulletin_shellshock.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.