ASR1K GNU Bash Vulnerability Rommon requirement (CVE-2014-6271 and CVE-2014-7169)

Similar Messages

• NX-OS ( n7000-s1-dk9.5.1.3.bin ) BASH VULNERABILITY - CVE-2014-6271 and CVE-2014-7169

  Hi ,
  Nexus 7000 evaluation for CVE-2014-6271 and CVE-2014-7169 , I am referring below link to check for NX OS  - n7000-s1-dk9.5.1.3.bin
  https://tools.cisco.com/bugsearch/bug/CSCur04856
  5.1.3 is not mentioned in the affected list.Need help to know if 5.1 is affected with BASH Vulnerability .
  Thanks for help in advance .

  The concern with the bash shell is that services MAY be setup to run as
  users which use those shells, and therefore be able to have things
  injected into those shells. Nothing on NetWare uses bash by default,
  because NetWare is not anything like Linux/Unix in its use of shells.
  Sure, you can load bash for fun and profit on NetWare, but unless you
  explicitly request it the bash.nlm file is never used. On NetWare I do
  not think it is even possible to have any normal non-Bash environment
  variable somehow be exported/inherited into a bash shell, though I've
  never tried.
  Good luck.
  If you find this post helpful and are logged into the web interface,
  show your appreciation and click on the star below...

• CVE-2014-6271 and CVE-2014-7169 / Oracle Linux

  Hi ,
  patches required to resolve the vulnerabilities described in CVE-2014-6271 and CVE-2014-7169 in Oracle linux 5 (x86) is "bash-3.2-33.el5_11.4.x86_64.rpm "
  from where i can get this patch, its not availible on support.oracle/patches !!
  Thanks,
  Thamer

  Your Oracle Linux system should be configured to automatically install packages either from the Unbreakable Linux Network or public-yum.oracle.com. You might want to ask your Linux sysadmin for assistance if your servers aren't already configured for updates.
  You can also check Chapter 1 and Chapter 2 of the Oracle Linux Administrator's Guide for more details on using ULN or public-yum: Oracle® Linux (it's for OL6 but the concepts are the same for OL5).

• Impact of CVE-2014-6271 and CVE-2014-7169 (Shellshock) on NetWare6.5 SP8

  Greetings, all...
  I see that Novell has a handy security note out regarding CVE-2014-6271:
  http://support.novell.com/security/c...2014-6271.html
  as it pertains to SUSE and SLE, as well as one for CVE-2014-7169:
  http://support.novell.com/security/c...2014-7169.html
  Testing in a bash shell on one of my NetWare boxes, I've been pleasantly
  surprised, though remain unconvinced that the older bash port is entirely
  free of vulnerability, here.
  Yes, I do have a couple SSL sites running on NetWare Apache (2.2.27), though
  I don't believe that anyone is using mod_cgi or mod_cgid.
  (BTW, if anyone needs patched versions of bash 3.0.27 for CentOS 4.8, I have
  32 and 64-bit binary rpms on my FTP server:
  ftp.2rosenthals.com/pub/CentOS/4.8 .)
  Just curious as to what the consensus is regarding NetWare with this thing.
  TIA
  Lewis
  Lewis G Rosenthal, CNA, CLP, CLE, CWTS
  Rosenthal & Rosenthal, LLC www.2rosenthals.com
  Need a managed Wi-Fi hotspot? www.hautspot.com
  visit my IT blog www.2rosenthals.net/wordpress

  The concern with the bash shell is that services MAY be setup to run as
  users which use those shells, and therefore be able to have things
  injected into those shells. Nothing on NetWare uses bash by default,
  because NetWare is not anything like Linux/Unix in its use of shells.
  Sure, you can load bash for fun and profit on NetWare, but unless you
  explicitly request it the bash.nlm file is never used. On NetWare I do
  not think it is even possible to have any normal non-Bash environment
  variable somehow be exported/inherited into a bash shell, though I've
  never tried.
  Good luck.
  If you find this post helpful and are logged into the web interface,
  show your appreciation and click on the star below...

• CVE-2014-6271 and CVE-2014-7169 Patch Availability Document for Oracle Linux

  Hi,
  Can you suggest from where we need to download bash rpm for OEL 6 :-
  bash-4.1.2-15.el6_5.2.x86_64.rpm
  bash-doc-4.1.2-15.el6_5.2.x86_64.rpm
  Thanks in Advance !!
  Mukesh

  First see the document I linked about creating a local yum mirror (How to Create a Local Yum Repository for Oracle Linux). I very strongly recommend setting this up so your systems can get other updates besides bash.
  The individual RPMs can be found at Index of /repo/OracleLinux/OL6/latest/x86_64/ -- but I cannot stress the importance of updating entire systems rather than just bash. If you are not updating your systems periodically, bash is just one of your worries (as you're undoubtedly vulnerable to hundreds of other exploits in other packages besides Shellshock). Please set up an update repository and use it.
  Patching only the vulnerabilities you see in the news is equivalent to locking your home's front door, but leaving the security alarm disconnected and the back door held open with a doorstop. You need all the updates, not just bash.

• CSCur05017 - N5K/N6K evaluation for CVE-2014-6271 and CVE-2014-7169 - 4

  What about if we run an older version not listed in "Known Affected Releases"? We currently have 2 Nexus switches with engine 5.0(3)N2(1).
  Thanks for any input on that.

  There is one posted under "CER Upgrade Patch" , at least for 10. The bug report is not clear on that at all.
  Turns into: bash-3.2-33.el5_11.4
  after installing the patch.

• CSCur05434 - Emergency Responder evaluation for CVE-2014-6271 and CVE-2014-7169

  So, is there going to be a COP file fix released for Emergency Responder or are we expected to know how to download and install the fixed version of Bash from Red Hat as the solution? For Call Manager, Unity and UCCX, there were COP files released...if this is not going to be the solution for ER, it would be nice if the bug report were clearer on the matter.

  There is one posted under "CER Upgrade Patch" , at least for 10. The bug report is not clear on that at all.
  Turns into: bash-3.2-33.el5_11.4
  after installing the patch.

• Telepresence endpoint evaluation for CVE-2014-6271 and CVE-2014-7169 aka "Shellshock"

  Please refer to the Cisco Security Advisory for more information.
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  BUG ID: CSCur02591
  /Magnus

  Hi Magnus,
  Is blocking the management ports (HTTP/HTTPS/SSH/Telnet/basically everything under port 1024) sufficient to mitigate this issue for TelePresence systems?
  Or is the issue also present on the SIP and H.323 ports?

• Contact Center Express GNU Bash vulnerability CSCur02861

  Cisco Security Advisory notes that Contact Center Express is affected by GNU bash vulnerability  [CSCur02861] . But this bug report is not public available. does anyone have information which versions are affected?

  8.0(2)SU5
  NO patch  as it has reached End of SW Maintenance Releases Date
  8.5(1)SU4
  http://software.cisco.com/download/release.html?mdfid=283625051&flowid=46059&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  9.0(1)
  http://software.cisco.com/download/release.html?mdfid=284367996&flowid=46061&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  9.0(2)SU2
  http://software.cisco.com/download/release.html?mdfid=284666782&flowid=46062&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  10.0(1)SU1
  http://software.cisco.com/download/release.html?mdfid=285000761&flowid=49042&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest10.5(1)SU1
  http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  10.5(1)SU1
  http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest

• CUCM GNU BASH vulnerability

  Hi
  Cisco advisory states that versions 9.0, and 9.1 are vulnerable and a fix (9.1(2.13060.1)) is available however I do not see this file available on the downloads page. 
  https://software.cisco.com/download/release.html?mdfid=284510097&flowid=45900&softwareid=282074295&release=9.1(2)SU2a&relind=AVAILABLE&rellifecycle=&reltype=latest
  does anyone know where is this upgrade file available?

  The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
  http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
  states :
  This package will install on the following System Versions: 
    - 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx 
   - 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
   - 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx 
   - 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx 
   - 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx 
  So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
  Regards.

• Fix for GNU bash vulnerability CSCur05454 in Instant Messaging & presence server available?

  Hello,
  bug reports says 'Status: fixes' but I cannot find a patch for IM&P.
  any information abaout that?
  Juergen

  The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
  http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
  states :
  This package will install on the following System Versions: 
    - 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx 
   - 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
   - 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx 
   - 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx 
   - 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx 
  So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
  Regards.

• 6500 ACE MODULE: CVE-2010-4180 and CVE-2005-2969

  Hello,
  The version 3.0(0)A5(1.2) is vulnerable to these CVEs. I was looking for fix but it´s hard to find good information at Cisco Release Notes.
  the old versions: http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA2_3_x/Release/Note/RACEA2_3_X.html.
  I was checking if the version A5(3.0) would fix it, but nothing is said in release notes.
  http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_3_x/release/note/ACE_mod_rn_A53x.html
  Anyone know if newer version fixes it or know other source of information?
  Thanks.

  Hi,
  The first vulnerability has been documented by the ACE team under Cisco
  Bug ID CSCtk69440 (https://tools.cisco.com/bugsearch/bug/CSCtk69440).
  This vulnerability was resolved by the engineering team by disabling the
  affected function call.  This particular feature was not in use by the ACE
  device.  The issue was first resolved in Version 3.0(0)A4(1.0.72) back in
  2011.
  The second vulnerbility identified by CVE-2005-2969 does not have a public
  bug ID.  However, the engineering team has evaluated the impact of this
  issue.  The affected padding functions were never enabled in the ACE
  software and the device is not affected.  This would remain the case even
  if SSLv2 were to be enabled on the device for legacy browser compatibility.
  I hope it helps you.
  Regards,
  Felipe Lima

• False positive for GNU Bash Remote Code Execution Vulnerabil​ity

  Dear Team, 
  in my customer, one of banking in brunei want to access several finance website such as www.iifm.net etc. Tipping point IPS blokec to access the website with report as a 16800: TCP: GNU Bash Remote Code Execution Vulnerability ( Low Severity). The site is normal and legal website. Our question is the several website is needed to access by our employee due to the dailiy working. Please advice 
  Best Regards
  Yudi

  Hello Yuibagan,
  This is the Consumer products forum.
  You need to be in the HP Enterprise Business Community for IT related issues for servers, etc.
  I think you will want to post this question in the Security section. Dont post the same question more than once as you did here.
  HP Networking
  You will also want to take a look at the Articles and updates explaining GNU Bash here:
  GNU Bash vulnerability "Shellshock" (CVE-2014-6271... - HP Enterprise Business Community
  HP Security Research: GNU Bash vulnerability "Shel... - HP Enterprise Business Community
  HP AppDefender and HP WebInspect updates: GNU Bash... - HP Enterprise Business Community
  HPSR Software Security Content 2014 Update 3 - HP Enterprise Business Community
  Good luck

• Skype - Intrusion Attempts GNU BASH

  As reported by Norton, something in Skype keeps attempting an so-called "GNU Bash".
  These intrusion attempts have just started today and originate from SKYPE.EXE. I am not actively Skyping with anyone, have not downloaded anything through Skype today, and have Skype minimized. I do have the ads partly blocked (cannot see them), but they are still possibly there and are likely the cause. There are likely some bad ads going around..
  Solved!
  Go to Solution.

  This is more than likely not Skype specific though in this case it sounds related to an infected advertisement.  The GNU Bash vulnerability has pretty much gone rampant online.  It doesn't have to be an advertisement and can be any user or Skype user attacking a range of IPs that their computer interacts with.  The only computers affected by that vulnerability are Linux/Mac users and similar devices that use Bash that haven't been patched.  Bash by default is not installed on OSX unless someone enables advanced Unix services.  That vulnerability would have no effect on a Windows user.  So if any of your contacts have Bash installed on a device/OS you might urge them to get it patched or to uninstal it, if not needed.

• [CVE-2014-6271] IronPort appliances affected by recent bash vulnerability?

  http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x
  Discussion?

  Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  Please refer to the expanded "Affected Products".
  The following Cisco products are currently under investigation:
  Cable Modems
  Cisco CWMS
  Network Application, Service, and Acceleration
  Cisco ACE GSS 4400 Series Global Site Selector
  Cisco ASA
  Cisco GSS 4492R Global Site Selector
  Network and Content Security Devices
  Cisco IronPort Encryption Appliance
  Cisco Ironport WSA
  Routing and Switching - Enterprise and Service Provider
  Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500
  Cisco ISM
  Cisco NCS6000
  Voice and Unified Communications Devices
  Cisco Finesse
  Cisco MediaSense
  Cisco SocialMiner
  Cisco Unified Contact Center Express (UCCX)
  Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.