Question

Bash bug virus - Any affect to Laserfiche?

Updated September 29, 2014

asked on September 29, 2014

I'm posting this on behalf of a customer of ours. This morning they told us they would like some reassurance that this new Bash virus will not affect their Laserfiche products (Thick and Thin clients). I didn't see any mention of it anywhere on the support site or Answers, so if you could please let me know if LF is looking into this.

Thank you,

Shaun

0 0

Answer

APPROVED ANSWER

replied on September 29, 2014

The Shell Shock bug is based on a flaw in the *nix Bash shell. It's pretty unlikely that you even have this software installed on your Windows machines, though versions do exist. None of the Laserfiche products would invoke the shell.

The main attack vector I've seen is passing specifically-structured headers to a web server, with the intent that they would be interpreted by the shell. That's not how ASP.Net works, so applications like WebLink or Web Access would not be vulnerable.

3 0

Replies

replied on September 29, 2014

My understanding is that it only affects Unix and Linux based systems.

1 0

You are not allowed to follow up in this post.

Question

Question

Bash bug virus - Any affect to Laserfiche?

Answer

Replies

Sign in to reply to this post.