On September 24, a security researcher disclosed a vulnerability in bash, also referred to as CVE-2014-6271 or Shellshock. Bash is widely used, and the vulnerability is not a Barracuda-specific issue but rather one that impacts any system that uses bash. This vulnerability allows hackers to easily insert malicious code into web servers and other hosts to carry out attacks and steal data.
Once the vulnerability became public, our security team immediately developed security definitions that were rolled out to all Barracuda customers though our automated Energize Updates from Barracuda Central. The vulnerability has been mitigated for all appliances with an active Energize Updates subscription on the current hardware platform. You can read about those updates here.
As the rate of security attacks continues to increase in both sophistication and frequency, our customers can be assured that Barracuda provides quick resolution to threats as they appear. As always, we recommend that customers enable automatic attack definition updates, particularly in the event of such a widespread attack, and keep their systems up to date with the latest firmware releases.