Globus' response to the remote code execution through bash vulnerability

September 25, 2014 | Stuart Martin

On Wednesday, September 24th, a new vulnerability (CVE-2014-6271) was announced in the widely used GNU Bourne Again shell and command language interpreter (aka Bash), which is the default shell for Red Hat Enterprise Linux, among others. After its announcement, we reviewed the severity and impact to Globus services, partner services and users. Soon thereafter, we posted details in our support forum, with continuing updates as we learn more. Overall, our assessment for the severity of the impact for this issue is low. The forum post does include some precautionary actions we recommend for administrators of Globus endpoints, and for Globus Toolkit services.

If you have any concerns about this issue, please contact our support team.

Older Globus' response to the OpenSSL CCS Injection Vulnerability

Newer The Globus policies, they are a-changin'