Written by Steve Falla   
Monday, 29 September 2014 11:37

Shellshock Vulnerability

This week the world was informed of another wide-scale vulnerability in Linux and embedded systems. The vulnerability could allow a remote user to execute arbitrary commands on a compromised system, which could allow the attacker to reveal protected information.

The vulnerability, known officially as CVE-2014-6271 but reported informally as Shellshock, has received extensive coverage in the media. It is thought to potentially be more widespread than the recent Heartbleed vulnerability in OpenSSL software, as the bug has been around for almost 25 years. To find out more, please visit the following website: Bash Shellshock-Vulnerability

Just to clarify, your installed JCS software is not affected by this issue, and in general, Windows-based systems should not be affected. However, we do use such systems within our infrastructure.

We immediately performed an analysis of the extent of this issue and how it may affect our systems. Even though many of our servers had the affected software installed, this vulnerability was already mitigated, as the services that could allow the system to be compromised had already been disabled at build time. This includes all of our front-facing and infrastructure services.

Best practice has ensured that we have now already patched the affected servers. Even though we have performed our own testing on our third-party suppliers, such as the commission mailbox service, we will be seeking assurances from them over the coming days that they have patched their systems as well.

We encourage you to seek similar assurances from other services that you use, specifically any financial services, product providers, etc. that you rely on, and any cloud-based backup or hosted services you may be using.

If you have any questions, please feel free to contact our technical support.