CUCM GNU BASH vulnerability
Hi
Cisco advisory states that versions 9.0, and 9.1 are vulnerable and a fix (9.1(2.13060.1)) is available however I do not see this file available on the downloads page.
https://software.cisco.com/download/release.html?mdfid=284510097&flowid=45900&softwareid=282074295&release=9.1(2)SU2a&relind=AVAILABLE&rellifecycle=&reltype=latest
does anyone know where is this upgrade file available?
The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
states :
This package will install on the following System Versions:
- 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx
- 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
- 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx
- 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx
- 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx
So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
Regards.
Similar Messages
-
Contact Center Express GNU Bash vulnerability CSCur02861
Cisco Security Advisory notes that Contact Center Express is affected by GNU bash vulnerability [CSCur02861] . But this bug report is not public available. does anyone have information which versions are affected?
8.0(2)SU5
NO patch as it has reached End of SW Maintenance Releases Date
8.5(1)SU4
http://software.cisco.com/download/release.html?mdfid=283625051&flowid=46059&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
9.0(1)
http://software.cisco.com/download/release.html?mdfid=284367996&flowid=46061&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
9.0(2)SU2
http://software.cisco.com/download/release.html?mdfid=284666782&flowid=46062&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
10.0(1)SU1
http://software.cisco.com/download/release.html?mdfid=285000761&flowid=49042&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest10.5(1)SU1
http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
10.5(1)SU1
http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest -
Fix for GNU bash vulnerability CSCur05454 in Instant Messaging & presence server available?
Hello,
bug reports says 'Status: fixes' but I cannot find a patch for IM&P.
any information abaout that?
JuergenThe Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
states :
This package will install on the following System Versions:
- 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx
- 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
- 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx
- 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx
- 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx
So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
Regards. -
ASR1K GNU Bash Vulnerability Rommon requirement (CVE-2014-6271 and CVE-2014-7169)
Does any one knows which version recommended ROMmon Release by 3.13.X
Because there was no information by release note
Thanks a lot~Your Oracle Linux system should be configured to automatically install packages either from the Unbreakable Linux Network or public-yum.oracle.com. You might want to ask your Linux sysadmin for assistance if your servers aren't already configured for updates.
You can also check Chapter 1 and Chapter 2 of the Oracle Linux Administrator's Guide for more details on using ULN or public-yum: Oracle® Linux (it's for OL6 but the concepts are the same for OL5). -
Skype - Intrusion Attempts GNU BASH
As reported by Norton, something in Skype keeps attempting an so-called "GNU Bash".
These intrusion attempts have just started today and originate from SKYPE.EXE. I am not actively Skyping with anyone, have not downloaded anything through Skype today, and have Skype minimized. I do have the ads partly blocked (cannot see them), but they are still possibly there and are likely the cause. There are likely some bad ads going around..
Solved!
Go to Solution.This is more than likely not Skype specific though in this case it sounds related to an infected advertisement. The GNU Bash vulnerability has pretty much gone rampant online. It doesn't have to be an advertisement and can be any user or Skype user attacking a range of IPs that their computer interacts with. The only computers affected by that vulnerability are Linux/Mac users and similar devices that use Bash that haven't been patched. Bash by default is not installed on OSX unless someone enables advanced Unix services. That vulnerability would have no effect on a Windows user. So if any of your contacts have Bash installed on a device/OS you might urge them to get it patched or to uninstal it, if not needed.
-
False positive for GNU Bash Remote Code Execution Vulnerabil​ity
Dear Team,
in my customer, one of banking in brunei want to access several finance website such as www.iifm.net etc. Tipping point IPS blokec to access the website with report as a 16800: TCP: GNU Bash Remote Code Execution Vulnerability ( Low Severity). The site is normal and legal website. Our question is the several website is needed to access by our employee due to the dailiy working. Please advice
Best Regards
YudiHello Yuibagan,
This is the Consumer products forum.
You need to be in the HP Enterprise Business Community for IT related issues for servers, etc.
I think you will want to post this question in the Security section. Dont post the same question more than once as you did here.
HP Networking
You will also want to take a look at the Articles and updates explaining GNU Bash here:
GNU Bash vulnerability "Shellshock" (CVE-2014-6271... - HP Enterprise Business Community
HP Security Research: GNU Bash vulnerability "Shel... - HP Enterprise Business Community
HP AppDefender and HP WebInspect updates: GNU Bash... - HP Enterprise Business Community
HPSR Software Security Content 2014 Update 3 - HP Enterprise Business Community
Good luck -
False positive for 16800: TCP: GNU Bash Remote Code Execution Vulnerability
Dear Team,
in my customer, one of banking in brunei want to access several finance website such as www.iifm.net etc. Tipping point IPS blokec to access the website with report as a 16800: TCP: GNU Bash Remote Code Execution Vulnerability ( Low Severity). The site is normal and legal website. Our question is the several website is needed to access by our employee due to the dailiy working. Please advice
Best Regards
Yudi@yuibagan
Thank you for using HP Support Forum. I have brought your issue to the appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post ( serial numbers and case details).
If you are unfamiliar with the Forum's private messaging please click here to learn more.
Thank you,
Omar
I Work for HP -
Bash vulnerability in Solaris 10
http://seclists.org/oss-sec/2014/q3/650
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Any plans for a hotfix for bash on Solaris 10?
$env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
SunOS hostname 5.10 Generic_150401-13 i86pc i386 i86pc
$bash -version
GNU bash, version 3.2.51(1)-release (i386-pc-solaris2.10)
Copyright (C) 2007 Free Software Foundation, Inc.
$pkginfo -l SUNWbash
PKGINST: SUNWbash
NAME: GNU Bourne-Again shell (bash)
CATEGORY: system
ARCH: i386
VERSION: 11.10.0,REV=2005.01.08.01.09
BASEDIR: /
VENDOR: Oracle Corporation
DESC: GNU Bourne-Again shell (bash) version 3.2
PSTAMP: sfw10-patch-x20120813130538
INSTDATE: Aug 19 2014 07:23
HOTLINE: Please contact your local service provider
STATUS: completely installed
FILES: 4 installed pathnames
2 shared pathnames
2 directories
1 executables
1250 blocks used (approx)Hard to say whether it's safer to wait or safer to patch it yourself in the meantime but, if like me you'd rather not wait an indefinite period of time for a patch, here is a patching process that's working for me:
Found the newest GNU patch compiled for Solaris on Open CSW: bash - Solaris package
To install, you'll want the CSW package utility. Here are some instructions, but I'll also go over it below: Getting started — OpenCSW 0.2014.04 documentation
You may already have the CSW package utilities installed, check under "/opt/csw/bin" for "pkgutil". If it's not there, issue
pkgadd -d http://get.opencsw.org/now
Then, I like to add a symbolic link into /usr/bin to make it easier:
sudo ln -s /opt/csw/bin/pkgutil /usr/bin/pkgutil
Now we can do the install -- pkgutil is going to handle all the heavy lifting, dependency building etc., and place the new bash binary into "/opt/csw/bin"
sudo pkgutil -U
sudo pkgutil -a bash
sudo pkgutil -i bash
Follow the prompts, and then look under /opt/csw/bin for bash:
ls /opt/csw/bin | grep bash
If you see it listed there w/ a Sep 25th date (or later, if you're following these instructions in my future), then you're ready for the final step -- replacing the old bash binary with the new.
We're going to replace /usr/bin/bash with a link to /opt/csw/bin/bash. I was worried this step would crash running processes and applications (weblogic, BI, db instances), but so far no issues -- that said, PLEASE be careful and shutdown anything you can first! I can't be sure this step will work w/o any hiccups every time.
cd /usr/bin
sudo cp bash bash-old
sudo ln -f /opt/csw/bin/bash /usr/bin/bash
You can see we backed up the old bash install (4.1), in case something goes wrong. When finished, issue that command and you should see an error message now:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Again, BE CAREFUL -- while I was figuring this out, I did take down a couple zones to the point where I couldn't SSH back into them.
That said, the steps above are working flawlessly for me -- BUT I can't guarantee you'll have the same experience! -
[CVE-2014-6271] IronPort appliances affected by recent bash vulnerability?
http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x
Discussion?Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Please refer to the expanded "Affected Products".
The following Cisco products are currently under investigation:
Cable Modems
Cisco CWMS
Network Application, Service, and Acceleration
Cisco ACE GSS 4400 Series Global Site Selector
Cisco ASA
Cisco GSS 4492R Global Site Selector
Network and Content Security Devices
Cisco IronPort Encryption Appliance
Cisco Ironport WSA
Routing and Switching - Enterprise and Service Provider
Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500
Cisco ISM
Cisco NCS6000
Voice and Unified Communications Devices
Cisco Finesse
Cisco MediaSense
Cisco SocialMiner
Cisco Unified Contact Center Express (UCCX)
Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues. -
4200 series IPS & GNU Bash issue
any idea when we will see an update for cisco-sa-20140926-bash (GNU bash issue) for the 4200 series IPS appliances?
Do the logs show anything useful when the freeze occurs?
-
Hi ,
Nexus 7000 evaluation for CVE-2014-6271 and CVE-2014-7169 , I am referring below link to check for NX OS - n7000-s1-dk9.5.1.3.bin
https://tools.cisco.com/bugsearch/bug/CSCur04856
5.1.3 is not mentioned in the affected list.Need help to know if 5.1 is affected with BASH Vulnerability .
Thanks for help in advance .The concern with the bash shell is that services MAY be setup to run as
users which use those shells, and therefore be able to have things
injected into those shells. Nothing on NetWare uses bash by default,
because NetWare is not anything like Linux/Unix in its use of shells.
Sure, you can load bash for fun and profit on NetWare, but unless you
explicitly request it the bash.nlm file is never used. On NetWare I do
not think it is even possible to have any normal non-Bash environment
variable somehow be exported/inherited into a bash shell, though I've
never tried.
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below... -
Cisco 3560 GNU Bash Environment Variable Command Injection Vulnerability
Does this model 3560 is affected by this vulnerability? If does are there any configuration is required to solve this Bash Code Injection Vulnerability issue? Thanks guys!
I'm seeing things like this. Whenever I look up the victim IPs they resolve to Amazon servers. It looks like a false positive to me also.
event_id = 1360033965674082135
severity = high
device_name = xxxxxxx
app_name = sensorApp
receive_time = 09/28/2014 06:32:59
event_time = 09/28/2014 10:33:29
sensor_local_time = 09/28/2014 06:33:29
sig_id = 4689
subsig_id = 1
sig_name = Bash Environment Variable Command Injection sig_details = CVE-2014-6271 sig_version = S824 attacker_ip = xxx.xxx.xxx.xxx attacker_port = 50986 attacker_locality = OUT victim_ip = 54.204.5.190 victim_port = 80 victim_os = unknown unknown (relevant) victim_locality = OUT summary_count = 0 initial_alert_id = summary_type = is_final_alert = interface = GigabitEthernet0/1 vlan = 0 virtual_sensor = vs0 context = bGVicml0eWJhYmllcy5wZW9wbGUuY29tJTdDYWlkJTNEMjA4OTQ1JTdDY2glM0RiYWJpZXMlN0NzY2glM0RuZXdzJTdDcHR5cGUlM0Rjb250ZW50JTdDY3R5cGUlM0RibG9nJTdDcGFnZSUzRDElN0NzdWJqJTNEYmFiaWVzJTJDa2FueWUtd2VzdCUyQ2tpbS1rYXJkYXNoaWFuJTJDbmV3cyU3Q2NlbGViJTNEJTdDdW5pcXVlJTNEZnVuY3Rpb24rKCkrJTdCJTBBKysrKysrKysrKysrdmFyK2ErJTNEKyU1QiU1RCUyQ2srJTNEKzAlMkNlJTNCJTBBKysrKw==$
actions = droppedPacket+deniedFlow+tcpOneWayResetSent
alert_details = InterfaceAttributes: context="single_vf" physical="Unknown" backplane="GigabitEthernet0/1" ; risk_rating_num = 100(TVR=medium ARR=relevant) threat_rating = 65 reputation = protocol = tcp -
Bash vulnerability bash CVE-2014-6271 on Cisco devices
Hi, all,
Anybody know whether any Cisco devices are vulnerable to recent bash CVE-2014-6271? I am especially concerned about ASA which opens https to the public.
Thanks,Have a look here:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_Bash_09252014.html
and here:
http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Under affected products. -
CSCuq98748- Bash Vulnerability
All current versions of NX-OS on this platform are affected unless otherwise stated.
unless otherwise stated ..
so you mean only the following 9 Releases are affected?
4.2(8)
5.2(9)
5.2(9a)S3
6.1(5)
6.2(6)
6.2(8a)
7.0(2)
7.1(0)ZN(91.98)
7.1(0)ZN(91.99)Yes they are vulnerable if you are using a certain version of code . The 5k's have 3 different versions that are vulnerABLE and the 7k's have one version 6.2.6 which is vulnerable.
5K info
Last Modified:
Sep 29,2014
Status:
Open
Severity:
2 Severe
Product:
Cisco Nexus 5000 Series Switches
Support Cases:
0
Known Affected Releases:
(3)
5.2(1)N1(8a)
6.0(2)N2(5)
7.0(3)N1(0.125)
Known Fixed Releases:
(0)
Download software for Cisco Nexus 5000 Series Switches
Support Cases:
(0)
Support case links are not customer visible
-->
Related Bugs
Bug(s)
-->
Community Discussion on CSCur05017 - Cisco Support Community -
Install Guide for the Patch CSCur04820 (Bash Vulnerability)
Dear Community,
is there a documentation for the installation of patch CSCur04820 on Prime Collaboration Assurance 10.5.1? In the software downloads sections, there is no readme file provided.
Your answers are greatly appreciated.
Best regards
IgorDuplicate
https://supportforums.cisco.com/discussion/12415666/install-guide-patch-cscur04820-bash-vulnerability
Maybe you are looking for
-
Playing AVI Format Movie Clips?
Hi All, I'm having problems when i try to play movie clips that i've shot using my digital camera. I can save the clips onto iphoto and when i open one, it does play the actual footage but not the sound. The other thing is that when i play each clip
-
Was just wondering whether anyone else had seen this problem as it is defeating TAC right now- We have a number of 4402 WLCs on various sites and another one in a DMZ acting as an anchor controller for the guest network. We're using just the basic we
-
General Inquiry Regarding Error Handling with System Exec.vi
I have a sub vi that uses the System Exec.vi to send SMS messages when triggered. I am confused as to how the error handling works and why all of the errors seem to go to the "standard error" vs the "Error out". The reason I am interested is because
-
Can I save video emails in my photo library?
I cannot figure this out I've asked other people and they don't know either.
-
Why cant I download Photoshop CC Trial
I have wanted to get Photoshop CC for my computer but when I press download trial it says "Photoshop is a desktop app so you'll want to download it from your computer." It is really frustrating and I would appreciate it if someone would help ~Sam