Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro products and the Shellshock – Linux Bash Vulnerability (Bash Bug) [CVE-2014-6271 and CVE-2014-7169]

    • Updated:
    • 11 Oct 2017
    • Product/Version:
    • Core Protection Module - ESP
    • Interscan Web Security Virtual Appliance
    • ScanMail for Exchange
    • Securecloud On-Premise
    • ServerProtect
    • Platform:
    • N/A N/A

What is Shellshock?

The Shellshock Vulnerability (CVE-2014-6271) is a serious vulnerability in Bash on Linux.

According to RedHat, “A flaw was found in the way Bash (aka bourne-again shell) evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.”

There was an original fix published for CVE-2014-6271, but it proved to be incorrect and/or incomplete, so a second advisory was issued (CVE-2014-7169) to address this. 

Who is impacted by Shellshock?

Because some of Trend Micro’s products are designed to run on or protect Linux-based platforms, some of these products may be affected by this vulnerability. This article contains the list of products that are affected and the recommended action to take to eliminate the risks as they are identified and corrected.

External References:

After further investigation of this vulnerability, researchers uncovered two more bugs that affect Gnu BASH parser, 'parse.y'. For more information, refer to the following KB article: 

Trend Micro products that are running on Windows are not affected by the Bash Bug. Trend external servers including SaaS servers are also unaffected.

Linux, Unix, or Mac-based products that are not affected

Business ProductsVersion
AU/iAU (ActiveUpdate) 
CPM for Mac1.1, 2.0
Deep Discovery InspectorAll
Deep Security as a Service (DSaaS)All
Deep Security for Web Apps2.1
Email Encryption Gateway (TMEEG)5, 5.5
Email Reputation Service (ERS)All
Email Security Platform for Service Providers - White Label 1.0
Full Disk Encryption (TMFDE)5.0/3.1.3
Hosted Email Security1.9 and 2.0
Hosted Mobile Security1.6
InterScan for Cisco CSC-SSM6.6
InterScan Messaging Security Suite (IMSS)7.0/7.1
InterScan VirusWallAll
InterScan Web Security as a Service (IWSaaS)1.9
InterScan Web Security SuiteAll
Licensing Management Portal (LMP)/Customer Licensing Portal (CLP)All
Network VirusWall Enforcer (NVWE)All
Remote Manager3.3
SafeSync for BusinessAll
ScanMail for Domino / ScanMail for IBM DominoAll
SecureCloud​3.0, 3.5, 3.6 (Cent OS)
ServerProtect for LinuxAll
Threat Discovery Appliance (TDA) / Deep Discovery Inspector (DDI)All
Threat Mitigator (TMTM)2.58,2.6, 2.6 SP1, 2.6 SP2
Mobile Security for EnterpriseAll
Worry-free Business Security Services5.6
Home and Home Office ProductsVersion
JewelryBox2.0, 2.1
Safesync for ConsumerAll
SafeSync for xSP2.0 (Mac)
Security for Mac (TMSM)1.5, 1.6, 2.0
Titanium for Mac 

Linux, Unix, or Mac-based products that require updates

ProductVersionRequired Update
Advanced Reporting Module (ARM)1.5, 1.6
Data Loss Prevention Network Monitor (DLPNM)2.0
Interscan Messaging Security Virtual Appliance (IMSVA)8.0, 8.2, 8.5
Interscan Web Security Virtual Appliance (IWSVA)
5.5, 5.6, 6.0 SP1, 6.5
SafeSync for Enterprise (SSFE)
2.1, 3.1, 3.2
Smart Protection Server (SPS)
2.5, 2.6, 3.0
Deep Security Virtual Appliance (DSVA)

What if my product is not listed?

If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and it’s impact on your product. As soon as the analysis is completed, the product will be added in the list.

What if I have additional questions?

For additional inquiries, contact Trend Micro Technical Support.

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.