The recent vulnerability announced for the Bash shell has been named Shellshock (this seems to be a new news trend after the Heartbleed OpenSSL flaw).  This is hopefully one of those once-in-a-generation vulnerabilities to a piece of software that is deployed with ubiquity, and this flaw may be around for a long time.  But you can at least ensure your 2FA environment is secured against this flaw.

At Green Rocket Security, we take our job securing your strong authentication access seriously, keeping track of and investigating vulnerabilities that are published and quickly taking measures to ensure our products meet the highest level of security assurance.  Therefore, we have worked over the weekend, and GreenRADIUS has been updated with all the patches needed to ensure Shellshock does not expose your organization to potential threats.  For users of the YubiRADIUS product (which is no longer being maintained), migrating to the GreenRADIUS – Yubico Edition provides a simple upgrade to provide the latest security.

Shellshock has been assigned US-CERT Alert TA-286A, and more information can be found at https://www.us-cert.gov/ncas/alerts/TA14-268A.  Multiple variations of the threat were found following its initial release, generating six separate CVE entries (starting with http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271).  This vulnerability has been given a severity rating of 10 out of 10 and should be patched immediately.