Are any components of Data Loss Prevention vulnerable to the ShellShock bug?
Symantec Data Loss Prevention does not ship any version of Bash (Bourne Again Shell). However, Linux, which is a supported operating system for DLP, has Bash as its default shell. Please check for applicable operating system patches or updates relevant to the ShellShock vulnerability.
DLP has been tested to see if it could potentially be used as a vector to attempt to access the underlying OS version of Bash. Symantec’s analysis showed DLP's input data is properly "sanitized" (no input data goes directly to any environmental variable), so there is no reason to think DLP is vulnerable.
Further information on ShellShock can be found at http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability