Shellshock Vulnerability Update

“Shellshock” Security Alert Update

Internet Protocol telephony is achieving mainstream acceptance among business customers, propelled by its cost and functionality advantages over traditional phone service. Because many VoIP platforms rely on a Linux-based infrastructure, they can be exposed to the same types of security risks that face Linux distributions used throughout the Internet in general. Unfortunately, those who would cause harm to particular organizations or the Internet as a whole are seeking to exploit any opportunity to access these networks and take malicious action. A strong set of security rules, robust infrastructure, and the ability to respond to threats are critical to helping prevent attacks and maintaining high voice service availability.

 

“Shellshock” Vulnerability  

Fonality uses a distribution of Linux in some of our products and services. Via US-CERT, it has come to our attention that a Bash vulnerability affecting Unix-based operating systems has been discovered. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

 

https://www.us-cert.gov/ncas/current...-Vulnerability 

 

Resolution 

To address the “Shellshock” vulnerability issue, Fonality is pushing a Bash update to all customer servers. Any server that is in communication with Fonality’s infrastructure will receive this update.  The update is a simple script that does not require halting of service or rebooting of servers. 

 

Customers do not need to take any action other than ensuring that their server is connected to the Internet.

There are no actions required for customers on a Hosted (Cloud) Fonality solution. 

 

Fonality Security 

We take the security of your Fonality solution extremely seriously and attempt to detect and eliminate opportunities for bad actors to access our systems.  However, Fonality cannot and does not warrant complete security and fraud prevention of its services, including any server, equipment or the Fonality network itself. In small print form: Fonality disclaims any and all liability resulting from or related to unauthorized intrusions or access and related security events. 

  

If you have any questions related to system security, please feel free to contact us at security-team@fonality.com.   We appreciate your attention to this matter.  Working together, we can keep ahead of these malicious individuals and ensure a better experience for Fonality users and the internet as a whole. 
