This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] RIPE Atlas vs. bash/shellshock vulnerability

Previous message (by thread): [atlas] out of office
Next message (by thread): [atlas] RIPE Atlas vs. bash/shellshock vulnerability

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Robert Kisteleki robert at ripe.net
Fri Oct 3 10:08:59 CEST 2014

Dear RIPE Atlas users,

The RIPE NCC made a public announcement earlier about this issue (see
https://www.ripe.net/internet-coordination/news/announcements/ripe-ncc-security-report-on-shellshock-bash-shell-bug).

Still, since we have received some questions in email and Twitter about RIPE
Atlas vs. this vulnerability so we'd like to respond to these with some more
detail.

The RIPE Atlas v1-v2-v3 probes are/were not affected by this issue at all
since they don't run bash (or even have it installed) and also not providing
any accessible services. The anchors have bash installed, but it is not used
for any of the services provided. Besides, these servers have been patched
right away.

The infrastructure components (ie. controllers) were affected and as the
RIPE NCC announcement explains, they have been patched as soon as the patch
came out; basically within the day.

Regards,
Robert Kisteleki
for the Atlas team

Previous message (by thread): [atlas] out of office
Next message (by thread): [atlas] RIPE Atlas vs. bash/shellshock vulnerability

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]