Smoothwall and the "Shellshock" bash vulnerability

Following the disclosure of the vulnerability in Bash (CVE-2014-6271, CVE-2014-7169), Smoothwall will be rolling out a priority update over the next 2 weeks to address the issue.

‘Main Update 78’ will be released to customers following the IN06 major feature enhancement release which is¬†imminent. (More about IN06 in a later post!).

Smoothwall advise that during testing, they have found no way to remotely exploit the vulnerability in their products, but the update will confirm the removal of the vulnerability.

As a precaution, we strongly recommend you restrict public access to the Smoothwall web interface (normally on TCP Ports 81 & 441) and SSH (normally on TCP Port 222). This can be done via the Smoothwall web interface on the “System->Administration->External access” page.