ghost Shapeblue Security Advisory for CVE-2015-0235, aka the Ghost vulnerability

Overview A vulnerability has been recently disclosed by Qualys that could result in a remote attacker being able to execute malicious instructions on vulnerable systems. The vulnerability affects Linux based operating systems. This is better known as GHOST ‘glibc’ vulnerability (CVE-2015-0235): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 What is ShapeBlue Doing ShapeBlue has analysed the impact of this issue on Apache CloudStack (ACS).  The […]

READ MORE

Cloud Security Shellshock and CloudStack

Shellshock is the family of bugs in the Unix Bash shell which allows an attacker to execute arbitrary commands on a vulnerable system potentially allowing an attacker to gain full access to that system. The bug (CVE-2014-6271) was first disclosed on 24 September 2014, upon closer inspection of the code, related vulnerabilities (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187) were […]

READ MORE

monkey Introducing Server Profiles in CloudStack CloudMonkey

The Apache CloudStack community recently released CloudMonkey 5.2.0. In this post, Rohit Yadav Software Architect at ShapeBlue talks about this release and his work on the new server profile feature. For more information on CloudMonkey and its usage click here.  At ShapeBlue we offer CloudStack infrastructure support and in doing so we rely heavily on tools such as CloudMonkey which is the official […]

READ MORE