Shellshock (bash) and SmarterTrack
Question asked by Eddi Bento - 9/29/2014 at 9:50 AM
I'm pretty sure I already know the answer to this, but in the world of security, one can never be too sure.
I'm specifically looking at SmarterTrack, but are any of your products vulnerable to Shellshock?  I know that they are .NET applications and when run on Windows Servers, there is no bash command, but I'm unaware of the components within ST.

4 Replies

Reply to Thread
Eddi Bento Replied
Anybody? I'd like to know that SmarterTools cares about the security of its customers.
Marc Frega Replied
Im not 100% sure but im 99.9% sure that it has no bash vulnerability.
Eddi Bento Replied
Dude, I'm with you. It's a .NET application. Unfortunately I can't go out to my customers and be like, "Well Jim, we're pretty sure it's not an issue..."
Derek Curtis Replied
Employee Post Marked As Answer
Sorry, I missed this thread earlier.
As Shellshock is a security issue affecting the Unix bash shell it should have zero impact on any SmarterTools product.
That said, running a Windows server doesn't make you immune. We recommend using good security and privacy policies when running ANY Internet-connected server, regardless of its core operating system. ZDNet has a good FAQ on Shellshock and it does address whether Windows users are vulnerable or not. The short answer is: "probably not."
Derek Curtis
SmarterTools Inc.
(877) 357-6278

Reply to Thread