To Aegis Identity TridentHE customers regarding the ShellShock (aka bashbug) bug. There has been a lot of activity recently in the security world around this bug. We here at Aegis Identity have researched this bug and here is our response. While there isn’t anything inherent within TridentHE that can be exploited but this bug we do recommend that customers keep up to date on their patching of their infrastructure for vulnerabilities such as ShellShock. The two main vectors of this bug appear to be through CGI scripts executed on the Web Server and direct access to the command line. CGI isn’t used in TridentHE but the Web Sever (Apache for example) may have CGI enabled and allow for this attack vector. We recommend disabling cgi-bin on your web server.
For additional information, Symantec blogged about this with links to patches on popular Linux distributions – http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability
Cullen Landrum, CISSP
Senior Systems Engineer
Aegis Identity Software, Inc.