Is DLP vulnerable to the ShellShock bug?


Article ID: 161227


Updated On:


Data Loss Prevention Enforce Data Loss Prevention


Are any components of Data Loss Prevention vulnerable to the ShellShock bug?


Symantec Data Loss Prevention does not ship any version of Bash (Bourne Again Shell).  However, RHEL (which is a supported operating system for DLP servers) has Bash as its default shell. Please check for applicable operating system patches or updates relevant to the ShellShock vulnerability.

DLP has been tested to see whether it could be used as a vector to reach the underlying operating system's version of Bash. Symantec’s analysis showed that DLP's input data is properly "sanitized" (no input data goes directly to any environment variable), so there is no reason to think DLP is vulnerable.
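The property described above, that input data never goes directly into an environment variable, can be illustrated with a short Python sketch. This is an added example, not Symantec's code or part of the original article; the allowlist `INHERIT`, the function names and the sample values are hypothetical.

```python
import os
import subprocess
import sys

# Unpatched Bash parsed any environment value starting with these four
# characters as an exported function definition when it started up.
FUNC_MARKER = "() {"

# Names the child may inherit from the parent (hypothetical allowlist).
INHERIT = ("PATH", "LANG", "HOME")


def flagged_vars(env):
    """Return names whose values look like a Bash function definition."""
    return sorted(k for k, v in env.items() if v.startswith(FUNC_MARKER))


def child_env(parent_env):
    """Build the child's environment from allowlisted parent names only."""
    env = {k: parent_env[k] for k in INHERIT if k in parent_env}
    for name in flagged_vars(env):
        del env[name]  # drop even an allowlisted name if its value is suspect
    return env


def run_tool(argv, untrusted_text, parent_env=None):
    """Run argv without a shell; untrusted data goes to stdin only."""
    env = child_env(os.environ if parent_env is None else parent_env)
    proc = subprocess.run(argv, input=untrusted_text.encode(), env=env,
                          capture_output=True, check=True)
    return proc.stdout.decode()


# Constructed sample: a CGI-style environment in which a request field was
# copied into a variable, and the same field kept as plain data.
SAMPLE_FIELD = "() { :; }"
CGI_STYLE_ENV = {"PATH": "/usr/bin:/bin", "HTTP_USER_AGENT": SAMPLE_FIELD}

# Child helper: reports whether its stdin text appears in its environment.
PROBE = ("import os,sys; d=sys.stdin.read(); "
         "print(any(d in v for v in os.environ.values()))")

if __name__ == "__main__":
    print(flagged_vars(CGI_STYLE_ENV))   # variables an audit would flag
    print(child_env(CGI_STYLE_ENV))      # what the child actually receives
    print(run_tool([sys.executable, "-c", PROBE],
                   SAMPLE_FIELD, CGI_STYLE_ENV).strip())
```

`flagged_vars` can also be run over `os.environ` of a service account to audit what a child Bash process would inherit.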




Additional Information

Further information on ShellShock can be found at Endpoint Protection - Symantec Enterprise (