Fix for GNU bash vulnerability CSCur05454 in Instant Messaging & presence server available?

Similar Messages

• False positive for GNU Bash Remote Code Execution Vulnerabil​ity

  Dear Team, 
  in my customer, one of banking in brunei want to access several finance website such as www.iifm.net etc. Tipping point IPS blokec to access the website with report as a 16800: TCP: GNU Bash Remote Code Execution Vulnerability ( Low Severity). The site is normal and legal website. Our question is the several website is needed to access by our employee due to the dailiy working. Please advice 
  Best Regards
  Yudi

  Hello Yuibagan,
  This is the Consumer products forum.
  You need to be in the HP Enterprise Business Community for IT related issues for servers, etc.
  I think you will want to post this question in the Security section. Dont post the same question more than once as you did here.
  HP Networking
  You will also want to take a look at the Articles and updates explaining GNU Bash here:
  GNU Bash vulnerability "Shellshock" (CVE-2014-6271... - HP Enterprise Business Community
  HP Security Research: GNU Bash vulnerability "Shel... - HP Enterprise Business Community
  HP AppDefender and HP WebInspect updates: GNU Bash... - HP Enterprise Business Community
  HPSR Software Security Content 2014 Update 3 - HP Enterprise Business Community
  Good luck

• Contact Center Express GNU Bash vulnerability CSCur02861

  Cisco Security Advisory notes that Contact Center Express is affected by GNU bash vulnerability  [CSCur02861] . But this bug report is not public available. does anyone have information which versions are affected?

  8.0(2)SU5
  NO patch  as it has reached End of SW Maintenance Releases Date
  8.5(1)SU4
  http://software.cisco.com/download/release.html?mdfid=283625051&flowid=46059&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  9.0(1)
  http://software.cisco.com/download/release.html?mdfid=284367996&flowid=46061&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  9.0(2)SU2
  http://software.cisco.com/download/release.html?mdfid=284666782&flowid=46062&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  10.0(1)SU1
  http://software.cisco.com/download/release.html?mdfid=285000761&flowid=49042&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest10.5(1)SU1
  http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest
  10.5(1)SU1
  http://software.cisco.com/download/release.html?mdfid=286265496&flowid=70402&softwareid=280840578&release=Security_Patches&relind=AVAILABLE&rellifecycle=&reltype=latest

• Can anyone provide me details and fix for Shell Shock vulnerability for Cisco ASA version 5?

  We came to know frm our compliance team that we are running into shell shock vulnerabity therefore wanted to know the fix and document..

  Hi James,
  We do have a PSIRT filed for shell shock vulnerability, please refer details below:
  CSCur00511    ACS evaluation for CVE-2014-6271 and CVE-2014-7169
  https://tools.cisco.com/bugsearch/bug/CSCur00511/?reffering_site=dumpcr
  Here is the fixed code information for individual versions:
  Fixed Code:
  Patch for DDTS CSCur00511 is ready and available on CCO.
  The patch is included in all cumulative patches from version 5.4.0.46.7/5.5.0.46.6/5.6.0.22.1 and later. We recommend that you download the latest cumulative patches.
  Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
  Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.4 / 5.4.0.46.0
  Patch filename: 5-4-0-46-.tar.gpg
  Readme and installaion instructions: Acs-5-4-0-46--Readme.txt
  Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
  Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.5 / 5.5.0.46
  Patch filename: 5-5-0-46-.tar.gpg
  Readme and installaion instructions: Acs-5-5-0-46--Readme.txt
  Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
  Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.6 / 5.6.0.22
  Patch filename: 5-6-0-22-.tar.gpg
  Readme and installaion instructions: Acs-5-6-0-22--Readme.txt
  Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
  Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.3 / 5.3.0.40
  Patch filename: 5-3-0-40-.tar.gpg
  Readme and installaion instructions: Acs-53-Readme.txt
  Regards,
  Tushar Bangia
  Please do rate the post if you find it helpful!!

• Instant Message client - server communication

  Hi,
  I am writing an instant message application that has central server and many connected clients. When one client writes a message to the server, the server echoes the message to all concerned clients
  My server is a servlet, running on a J2EE web server. My client should run on Windows operating system and communicate with the WIN32 API.
  My problem is:
  The server is written in JAVA and my client should use the WIN32 API (in order to add its icon to the Windows tray for instance). How should I perform the client - server communication? What protocol/technology should I use? Should I write my client in C++ and from the server open a socket and perform HTTP requests? It looks too low level to me and not the �right� approach. Does it make sense to write my client in java and let it use JNI? And if yes, what is the preferred way of client � server communication?
  Is there any good reference I can use?
  Thanks

  The both alternates you are thinking over are fine. But the later one may cause some performance and memory issues.
  If you want to go with the first alternate, I suggest you to develope your owen server using ServerSocket and use your own protocol for communication between client and server over the sockets. Because using HTTP protocol will slow down your entire application. It adds overhead because each request passes through the servlet container.

• CUCM GNU BASH vulnerability

  Hi
  Cisco advisory states that versions 9.0, and 9.1 are vulnerable and a fix (9.1(2.13060.1)) is available however I do not see this file available on the downloads page. 
  https://software.cisco.com/download/release.html?mdfid=284510097&flowid=45900&softwareid=282074295&release=9.1(2)SU2a&relind=AVAILABLE&rellifecycle=&reltype=latest
  does anyone know where is this upgrade file available?

  The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
  http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
  states :
  This package will install on the following System Versions: 
    - 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx 
   - 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
   - 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx 
   - 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx 
   - 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx 
  So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
  Regards.

• ASR1K GNU Bash Vulnerability Rommon requirement (CVE-2014-6271 and CVE-2014-7169)

  Does any one knows which version recommended ROMmon Release by 3.13.X
  Because there was no information by release note  
  Thanks a lot~

  Your Oracle Linux system should be configured to automatically install packages either from the Unbreakable Linux Network or public-yum.oracle.com. You might want to ask your Linux sysadmin for assistance if your servers aren't already configured for updates.
  You can also check Chapter 1 and Chapter 2 of the Oracle Linux Administrator's Guide for more details on using ULN or public-yum: Oracle® Linux (it's for OL6 but the concepts are the same for OL5).

• Skype - Intrusion Attempts GNU BASH

  As reported by Norton, something in Skype keeps attempting an so-called "GNU Bash".
  These intrusion attempts have just started today and originate from SKYPE.EXE. I am not actively Skyping with anyone, have not downloaded anything through Skype today, and have Skype minimized. I do have the ads partly blocked (cannot see them), but they are still possibly there and are likely the cause. There are likely some bad ads going around..
  Solved!
  Go to Solution.

  This is more than likely not Skype specific though in this case it sounds related to an infected advertisement.  The GNU Bash vulnerability has pretty much gone rampant online.  It doesn't have to be an advertisement and can be any user or Skype user attacking a range of IPs that their computer interacts with.  The only computers affected by that vulnerability are Linux/Mac users and similar devices that use Bash that haven't been patched.  Bash by default is not installed on OSX unless someone enables advanced Unix services.  That vulnerability would have no effect on a Windows user.  So if any of your contacts have Bash installed on a device/OS you might urge them to get it patched or to uninstal it, if not needed.

• Fix for Unity connection bug CSCtl41495

  Hi,
  I need a fix for this bug but don't see any of the following versions available under Unity Connection download page. The current release I am having is 8.0.3 ES22 and would like to stay on 8.0.3 release.
  Fixed-In
  8.5(1.0)ES17
  8.6(0.99981.1)
  8.0(3)ES25
  8.0(3.23028.1)
  8.6(0.18)
  8.6(0.96000.132)
  8.6(0.96000.53
  Can someone clarify when the next full version 8.0(3.23028.1) would be available for download on CCO? Or can recommend any other version available on CCO which has a fix for this bug. I checked the release notets of available versions, couldn't see it fixed in any of them.
  Thanks,
  inner_silience

  Hi,
  This has been ported back to 8.0(3).  If you open a TAC case, we can publish you the latest 8.0(3)ES27 that contains the fix.
  Hope that helps,
  Brad

• I Need Information about  Open Source Java Client/Server Instant Messaging

  I need your valuable help and collaboration with the following issue:
  I need to know where can find a robust Open Source Java Instant Messaging Client/Server Application.
  I thank in advance for their valuable time. And for the attention and the collaboration lent to me.

  I was going to mention that right off, but since the OP is clearly unaware of the search engines on the Web, I thought I'd give him a hand. Jabber works pretty good - I tried it a while back and some of the clients were ... quirky.

• Real-Time Collaboration Instant Messaging & .wmv video ?

  Hi, is posible using the last version Netweaver 2004s and Netweaver 2004s BI for some <b>Real-Time Collaboration Instant Messaging</b> for speak to users depending the costcenter and territory area ?
  So idea is show too video .wmv for Principal Directors speaking to cost center depending the territory area and departaments. ?
  Some idea ?
  Thank you ...

  We try test Collaboration and Content the Collaboration.

• I need someone Jabber/Instant Messaging

  The company that I consult for needs someone to help it with the deployment of Jabber based Instant Messaging. It will pay competitive rate. The company is based in NYC.
  Please let me know if you can do it, or refer a friend or a co-worker that can. Thanks for your help.

  What one has to do is basically install the Instant Messaging Jabber server and configure it, and be on call for support.
  What will also be necessary is the interface our db with the IM, so only the users from the db can be allowed to use the instant messanger.
  If that sounds like something you can do please let me know. Thanks

• Instant Messaging on the iPhone (AIM,Yahoo,MSN)

  Are there any talks of instant messaging becoming an available option on the iPhone.

  There is plenty of talk by users but none from Apple. If Apple is planning on providing an IM application for the iPhone at some point, such information is not announced or discussed ahead of time by Apple.
  There are plenty of web based methods for accessing IM on the iPhone which work well.

• False positive for 16800: TCP: GNU Bash Remote Code Execution Vulnerability

  Dear Team, 
  in my customer, one of banking in brunei want to access several finance website such as www.iifm.net etc. Tipping point IPS blokec to access the website with report as a 16800: TCP: GNU Bash Remote Code Execution Vulnerability ( Low Severity). The site is normal and legal website. Our question is the several website is needed to access by our employee due to the dailiy working. Please advice 
  Best Regards
  Yudi

  @yuibagan 
  ‎Thank you for using HP Support Forum. I have brought your issue to the appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post ( serial numbers and case details).
  If you are unfamiliar with the Forum's private messaging please click here to learn more.
  Thank you,
  Omar
  I Work for HP

• Ipad2 plus ipad air all of a sudden instantly goes back to home screen.doesnt matter what app i am using just when it decides to do it it does.apple tech has no answer or fix for me does anybody have any idea what is wrong

  ipad2 plus ipad air all of a sudden instantly goes back to home screen.doesnt matter what app i am using just when it decides to do it it does.apple tech has no answer or fix for me does anybody have any idea what is wrong

  First thing to try is to reset your device. Press and hold the Home and Sleep buttons simultaneously until the Apple logo appears. Let go of the buttons and let the device restart. See if that fixes your problem.
  Could also be not enough free space for the iPad to operate efficiently. With iOS 7 it is recommended that you have 15-20% of the storage space on the device free.  For a 16 GB device that is 2.4-3.2 GB free. For a 32 GB device that is 4.8-6.4 GB free. For a 64 GB device that is 9.6-12.8 GB free.
  If neither of these suggestions helps, Make an appointment at an Apple Store to have your device examined by a technician. Or contact Apple Support.