Financial Institution Letters

FIL-49-2014
September 29, 2014

Technology Alert: GNU Bourne-Again Shell (Bash) Vulnerability

Summary:

The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached alert advising financial institutions of a material security vulnerability with Linux and Unix operating systems that could allow an attacker to gain control of a bank's servers remotely. The vulnerability is commonly known as the GNU Bourne-Again Shell (Bash) or "Shellshock" vulnerability.

Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions.

Highlights:

Financial institutions should review U.S. CERT, GNU Bourne-Again Shell (Bash) "Shellshock" Vulnerability (CVE-2014-6271 and CVE-2014-7169) for additional information (see https://www.us-cert.gov/ncas/alerts/TA14-268A).

Suggested Distribution:

Suggested Routing:

Attachment:

Related Topics:

Contact:

Note:

FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at http://www.fdic.gov/news/news/financial/2014/.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).