Shellshock Advisory

SimpliVity is issuing this message as part of our Product Security Incident Response process to help protect our customers from a software vulnerability publicly disclosed yesterday (September 24, 2014) known as "Shellshock".  

The vulnerability is in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems. Details of the vulnerability can be found at the Common Vulnerabilities and Exposures website - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271.

The SimpliVity OmniCube software uses a version of Linux that is impacted by this vulnerability. This vulnerability is not specific to the SimpliVity product. It affects a large number of software products that leverage Linux/Unix operating systems.

SimpliVity takes product security seriously.  We are in the process of developing a software update that remediates this vulnerability and will make it available to all customers via SimpliVity’s Global Services Customer Support team.  

While this vulnerability represents a large risk to the general marketplace, its potential impact on SimpliVity OmniCube deployments is significantly lower because this vulnerability cannot be exploited on the OmniCube Software by an unauthenticated user.

Should you have any further questions, please contact SimpliVity Customer Support at 1-855-SVT-SERVICE (USA) or 1-508-536-4151 (International), or email support@simplivity.com. 

Best Regards,

Randy Boutin

VP, Customer Support

SimpliVity Corporation