IO Analyzer and Shell Shock

Similar Messages

• Can anyone provide me details and fix for Shell Shock vulnerability for Cisco ASA version 5?

  We came to know frm our compliance team that we are running into shell shock vulnerabity therefore wanted to know the fix and document..

  Hi James,
  We do have a PSIRT filed for shell shock vulnerability, please refer details below:
  CSCur00511    ACS evaluation for CVE-2014-6271 and CVE-2014-7169
  https://tools.cisco.com/bugsearch/bug/CSCur00511/?reffering_site=dumpcr
  Here is the fixed code information for individual versions:
  Fixed Code:
  Patch for DDTS CSCur00511 is ready and available on CCO.
  The patch is included in all cumulative patches from version 5.4.0.46.7/5.5.0.46.6/5.6.0.22.1 and later. We recommend that you download the latest cumulative patches.
  Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
  Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.4 / 5.4.0.46.0
  Patch filename: 5-4-0-46-.tar.gpg
  Readme and installaion instructions: Acs-5-4-0-46--Readme.txt
  Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
  Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.5 / 5.5.0.46
  Patch filename: 5-5-0-46-.tar.gpg
  Readme and installaion instructions: Acs-5-5-0-46--Readme.txt
  Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
  Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.6 / 5.6.0.22
  Patch filename: 5-6-0-22-.tar.gpg
  Readme and installaion instructions: Acs-5-6-0-22--Readme.txt
  Download from: CCO / Support / Download Software http://www.cisco.com/cisco/pub/software/portal/select.html?i=!y
  Select: Security / Identity Management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.3 / 5.3.0.40
  Patch filename: 5-3-0-40-.tar.gpg
  Readme and installaion instructions: Acs-53-Readme.txt
  Regards,
  Tushar Bangia
  Please do rate the post if you find it helpful!!

• Query related to Nexus Affected by Shell Shock

  Hi
  Can anyone please tell us if the below Nexus hardware with the respective software (NX-OS) is affected by shell shock ?
  If yes then which is the fixed version of NX-OS for each ?
  Thanks in advance.
  Regards,
  Nasir 

  Ok, so i've change my query to something like this:
  SELECT TOP 100 *
  FROM     OWTR as t1
  INNER join WTR1 as t2 ON (t1.docentry = t2.docentry)
  INNER JOIN OITL AS t3 ON t3.DocEntry = t1.DocEntry
  INNER JOIN ITL1 AS t4 ON t4.LogEntry = t3.LogEntry
  INNER JOIN OSRQ AS t6 ON t6.AbsEntry = t4.MdAbsEntry --AND t6.ItemCode = t4.ItemCode
  INNER JOIN OSRN AS t5 ON t4.ItemCode = t5.ItemCode AND t4.SysNumber = t4.SysNumber AND t5.AbsEntry = t4.MdAbsEntry
  Rob, can you check if make sense this?
  Now, i can't figure it out where is the old Direction field (on SRI1) in this new tables.
  I've check on SAP, and it points to a RITL table/view/internal (???).

• Shell shock - Bash still is not updated

  I purchased my Mac earlier this year (2014.7) and it was originally installed with OS X 10.9
  I have currently formatted my Mac 5 times since I have purchased it due to issues with Bash, Java, Safari, the App store.
  I believe I was victim to Shell shock as my Bash responds to the first vulnerability (First Update dated Sept 26, 2014, Bash version 3.2.53)
  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  with a vulnerable output.
  this is a test
  I have downloaded the BashUpdateMavericks.pkg which NIST points to and it comes up with an error. I have tried installing the parch on both Mavericks and Yosemite and neither result in a successful instalment.
  Can anyone give any insight on what I should do to patch up bash?

  Apple's article about the BASH issue is here About OS X bash Update 1.0 - Apple Support
  While this vulnerability is generically described as the shellshock aka. BASH issue, there actually several permutations of it. Some fixes only addressed some of those variations. As you will see Apple's article says they address two listed vulnerabilities but actually (as I read it) includes three different fixes.
  The following article https://shellshocker.net seems to list six variations plus the original issue including the two Apple list.
  On that basis one could argue Apple's fix does not address all the possible variations. However based on Apple's fix the result "this is a test" indicates the patch is correctly installed. Based on the shellshocker test all seven out of seven variations are fixed by Apple if you have the Apple patch installed.
  This is the result I get on Mavericks 10.9.5 with Apple's patch applied.
  CVE-2014-6271 (original shellshock): not vulnerable
  CVE-2014-6277 (segfault): not vulnerable
  CVE-2014-6278 (Florian's patch): not vulnerable
  CVE-2014-7169 (taviso bug): not vulnerable
  CVE-2014-7186 (redir_stack bug): not vulnerable
  CVE-2014-7187 (nested loops off by one): not vulnerable
  CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable
  With an unpatched copy of Mavericks I get the first four as vulnerable and the last three as not vulnerable suggesting Apple indeed only had to add three fixes. (The last six issues are variations of the first one.)
  CVE-2014-6271 (original shellshock): VULNERABLE
  bash: line 17: 54477 Segmentation fault: 11  shellshocker="() { x() { _;}; x() { _;} <<a; }" bash -c date 2> /dev/null
  CVE-2014-6277 (segfault): VULNERABLE
  CVE-2014-6278 (Florian's patch): VULNERABLE
  CVE-2014-7169 (taviso bug): VULNERABLE
  CVE-2014-7186 (redir_stack bug): not vulnerable
  CVE-2014-7187 (nested loops off by one): not vulnerable
  CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable

• Shell shock patch

  Hi there when will the shell shock patch be available please? Also what are the precoutions I can take right now to guarantee nothing will happen to my computer please? I have mavericks

  If you are running a web server or are one of what Apple calls its "advanced UNIX users" apply the recent patch by downloading it from the GNU project archive.
  If you don't know what that is, how to obtain it, or how to apply it to your server, then you are not affected and there is nothing you need to do.
  Apple announced they are "working to quickly provide a software update for our advanced UNIX users."
  There are plenty of bad things that could happen to a system due to existing vulnerabilities, known or unknown. There is no reason for any more concern today than there has ever been. Bash has been included with OS X for years, perhaps since its inception, and the particular flaw that was just discovered may have existed for years prior to that.
  Similar vulnerabilities may also be discovered and exploited, now or in the future. The resulting effects, if there are any, cannot be accurately predicted.
  Until then:
  Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them.
  Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.

• Shell Shock effect

  Hey, my buddy has Soundtrack and so do I and we were wondering if anyone knows how to make a shell shock effect on soundtrack.
  -Jackamo
  P.S. don't know if this is where the topic goes please re-direct if miss placed

  can you describe this effect - not really sure what kinda sound you are asking about - always thought shell shock was a state-of-mind rather than a actual sound?!?
  gavin little
  echolab
  dublin, ireland
  http://www.echo-lab.com/
  http://www.imdb.com/name/nm1962022/

• Shell Shock

  Ok i know shell shock is a term for the state of mind, but in the movies the sound is always muffled. i'm a newbie at soundtrack pro and was wondering how to create the muffled effect,

  hi
  there are many ways to acheive the effect you are talking about. It kind of depends what your perception of shell-shock is (or matching it - if you have ever suffered it!!!)
  one way to do this is to use an EQ to filter out all the high frequencies - this will give the muffled effect you describe. Or use a High Cut filter to do the same.
  there are also creative ways to achieve the disorientation of shell-shock. you could add a very high frequency sound to give a 'ringing in the ears' effect which often occurs after being in close proximity to a blast etc. (a very good example of this is in the recent film "We Own The Night" with joaquin phoenix - the scene where he is in the drug factory)
  I created the sound design for a short film directed by Ruairi Robinson...
  http://www.echo-lab.com/index.php?file=SC
  check the scene at 03:20
  sometimes sound design can be as much about what sounds you remove, rather than being about using great sounds. it's whatever tells the story really.
  hope this is of help to you
  gavin little
  echolab
  dublin, ireland
  http://www.echo-lab.com/
  http://www.imdb.com/name/nm1962022/

• Shell Shock Vulnerability

  sh and bash are vulnerable in Solaris 8 & 9
  Are there patches available??

  sh on any Solaris version is NOT bash. So sh is not vulnerable.
  bash might be vulnerable but normally Solaris would execute /bin/sh when performing system(),exec*(),popen() etc.
  So IMHO chance of exploiting shell shock on a normal Solaris system is slim unless the admin has installed software that explicitely calls bash.
  Paul
  PS I am not saying it cannot be vulnerable just that chance are much lower than on most linux distros.

• Any speculation around Bash "Shell shock" impact on VMware products?

  According to VMware investigating bash command injection vulnerability aka Shell Shock (CVE-2014-6271, CVE-2014-7169) | VMware Securi…, VMware is investigating the impacts of the Bash security vulnerability on VMware products.
  What do you think about the possible impact on ESXi hosts? Vulnerable to remote code execution or not?

  Does anybody know if the vShield Manager 5.1.4.1912202 is affected by shellshock? Thanks!!
  While not mentioning vShield Manager in particular, the KB article lists "vCloud Networking and Security 5.x (aka VMware Shield 5.x)" which the vShield Manager virtual appliance is a part of.
  Since the vShield Manager virtual appliance runs a full GNU/Linux OS underneath, I'm 99% certain it has a bash and is thus affected as well, like all the other virtual appliances. In fact, I'm not aware of any VMware virtual appliance that don't have a bash shell (feel free to correct me if I'm wrong).
  It seems like VMware is doing the proper thing and disabling parsing in bash altogether.
  Probably requires a lot more QA testing, but mitigates future parser bugs that are most likely coming.
  http://www.openwall.com/lists/oss-security/2014/09/29/43
  That's quite interesting.
  This raises the general issue of virtual appliances and patching once again. The GNU/Linux OS running in pretty much all appliances is just a customized version of another popular distribution (majorly SuSe in VMware's VAs), so in theory you could just update with the distributions default packages instead of having to wait for vendors to publish it's "certified" updates.
  I completely agree that QA is important and it can be problematic for certain packages like java, webserver or database software and depending libraries. But updates to more "generic" applications like bash or openssl (heartbleed), which only fix a very certain code area, shouldn't cause any issues in the applications.
  Given the severity of bugs like Shellshock and Heartbleed, there might be limited patience in some environments with waiting for vendors re-packing fixes that are released since some time.
  That "updating" a virtual appliance sometimes means "deploy a new VA from scratch and migrate data" doesn't help in that regard either.

• Is this product have shell shock (CVE-2014-6271) vulnerability

  There is world wide shell shock (CVE-2014-6271) vulnerability. Is there any impact on Firefox versions ?If yes, what are the versions effected this ? And what are the plans to deliver fixes for this vulnerabilities from Firefox ?

  Correct, in response to the escalation tag, I confirmed with the security team that this has nothing to do with Firefox.
  It was warned that the bash shellshock was more of a worry. However there [cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568] and [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html]

• What do I need to manage shell shock or bash bug on my airport router

  What do I need to do to manage shell shock or bash bug on my airport router?

  I do have shell access to my apple router..
  When I run command to test for bash vulnerability.
  tcgen4# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  env: bash: No such file or directory
  If I just type bash.
  tcgen4# bash
  bash: not found
  So they have not complied bash into the airport routers.
  Apple routers are not running BASH.. you have nothing to worry about.
  (I have only tested  N wireless models)
  It is probably running the standard busybox shell. The env command shows the shell as SHELL=/bin/sh
  I do not have the latest version AC models.. but it is certainly not part of the earlier N wireless model airports. I would not think the change to the AC model will make any difference and it is still based on NetBSD.
  Thanks to John for sane comments.
  Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them.
  Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.
  My Mac is vulnerable.
  When I run the command..
  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  vulnerable
  this is a test
  The output shows that the Mac is allowing commands via bash.
  In order to access my computer from outside, a person would need passwords or something shared and open.. I have nothing.. and simply being behind a NAT router provides plenty of protection.. in due course when Apple releases the updates.. (I am fully up to date now).. I will apply it. Until then I suspect I will be more likely to die of heart attack than be hacked..

• Difference between Bex Analyzer and Bex WAD

  Hi Every one,
  I am pretty new to SAP, and working on SAP BW Front end.
  I am pretty aware of Bex Analyzer and also Browser, but i always have a doubt about Bex WAD.
  In my present job i talk to the users and take the requirments and create queries in the Bex analyzer which i am comfortable doing it.
  I also know all the features of Analyzer and created quries and also published it on web, and also created workbooks and inserting multiple quries in the workbook etc etc..
  However i have zero knowledge on WAD and how it is useful to me, and as if now i haven't got any requirment from the client for me to create any report in WAD or do some thing in WAD.
  I have gone through SAP SDN help etc but i am not understanding it at all.
  So can any one explain me in a laymans terms what WAD is and how it will be useful to me?
  and also if possible send me link which has got PDF screen shots of what WAD is?
  Points is for sure.
  Regards,
  Ram

  Raj,
  Thanks for the reply, but i still did not get the understanding about WAD. i have studied the link which you sent me.
  I am still not able to understand how it is helpful for people like me,
  See i create my report in Query designer, and i can execute the query in Analyser. and if i want i can execute it in the Web from my query designer, and also i can create chart on the web if i want.And i can Broadcaste it in the Web.
  and also if i want i can create it in the workbook and create chart in that work book.
  Then what is the point of Web Application Designer (WAD).
  See i have created the Query in Designer in Development say Sales report Query on the infoprovider for SD, now what should i do with it in WAD.
  How can i get it in WAD, i went to start> all Programs>Bex> WAD and i logged in to development and a sereen opend. And from here what i can do, i mean how can i open my created query in WAD?
  As you guys know i am new to SAP itself, but i dont see any advantage about WAD, i read all the articals and there i found that i can create Web Items, HTML etc etc, but i already have HTML, when i execute my query from the Designer i get it in Web Browser...
  See my question is simple, i have a query which i have created in the Query Designer, now how can i get it to WAD and after getting it what can i do with it??
  If any one has a screen shots of there pls send me.
  And Sanjeev has sent me a PDF which i saw earlear and i done the same in my WAD but i am not about to get it to work.
  I have given the points to every one but still what i need i did not get yet.
  Regards,
  Ram

• How to capture a .gif file from a spectrum analyzer and save the file in PC

  I want to capture a .gif file from a spectrum analyzer and save the file in PC, but I've got a problem when read data from the instrument. I'm not sure how to format the string got from the instrument , When I use "%s" or "%t" as the read string format the data got from the instrument is truncated.
  my code are as follows, could anyone tell me where i am wrong?
  char resultsArray[5000];
  viPrintf(hSpectrumInstr, ":MMEMTORCR 'CICTURE.GIF'\n");
   viQueryf(hSpectrumInstr, ":MMEMATA? 'CICTURE.GIF'\n", "%t", resultsArray);
   printf("%s", resultsArray);
   getchar();       
  Solved!
  Go to Solution.
  Attachments:
  readResult.docx ‏50 KB

  char resultsArray[5000];
  viPrintf(hSpectrumInstr, ":MMEMTORCR 'CICTURE.GIF'\n");
  viQueryf(hSpectrumInstr, ":MMEMATA? 'CICTURE.GIF'\n", "%b", resultsArray);

• Analyze and optimization

  Hello everyone,
  I'm on this subject for now 3 weeks and i need help.
  I'm trainee in a company where i have to analyze and optimize their GPO as simple as that, I so learn in detail how does this tool work ect and other useful things about Active Directory.
  I learned their 60 gpos (Some rules up to 600 settings...) and their thousands parameters which is essential for me and during my searches i found many many many softwares to detect parameters conflicts or duplicated settings, but after all my tries i'm
  not satisfied today by what i found.
  I used a trial version of GPOAdmin, the GPO Reporting pack from SDM, probably all the Microsoft tools, ActiveAdministrator ect ... I mean all these tools are very powerful and allow many features but i just need something that will find and tell me where
  are all my conflicts on my domain and by this I will correct these settings to have a full capable domain optimized and users won't complain anymore because they'll have a faster logon ect...
  Maybe I don't use the products as i should or maybe it doesn't even exist but it seems very long to analyze all by my self and write every parameter on each object that will be applied and check if there won't be conflict or another GPO for this setting.
  Maybe Powershell can help me on this but I don't know how to use it to.
  So here I am and if you have any idea to help me on the best practice or someone had to do the same job as I have tell me I'll be very happy to receive your information.
  Thanks and sorry for my English.

  > I mean that if there are 10 gpo for the domain and 10 others on children
  > UO, some parameters will be overwritten (Conflict) or the same
  > parameters will be set 5 times (Duplication).
  Yes, that's true. But setting a simple registry key takes a time windows
  cannot even log to the gpsvc.log file. This is from a VM running on a
  desktop system concurrently with 4 other VMs:
  GPSVC(478.d68) 11:48:19:813 SetRegistryValue: 1 =>
  Microsoft.CredentialManager  [OK]
  GPSVC(478.d68) 11:48:19:813 SetRegistryValue: 2 => Microsoft.GetPrograms
   [OK]
  GPSVC(478.d68) 11:48:19:813 SetRegistryValue: 3 => Microsoft.HomeGroup  [OK]
  GPSVC(478.d68) 11:48:19:813 SetRegistryValue: 4 =>
  Microsoft.iSCSIInitiator  [OK]
  GPSVC(478.d68) 11:48:19:813 SetRegistryValue: 5 =>
  Microsoft.ParentalControls  [OK]
  GPSVC(478.d68) 11:48:19:813 SetRegistryValue: 6 =>
  Microsoft.PeopleNearMe  [OK]
  GPSVC(478.d68) 11:48:19:813 SetRegistryValue: 7 =>
  Microsoft.UserAccounts  [OK]
  GPSVC(478.d68) 11:48:19:829 SetRegistryValue: 8 =>
  Microsoft.WindowsAnytimeUpgrade  [OK]
  And even here it takes only about 1 ms average - on a real system, this
  is about 50 times faster.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Analyze and fix not available in project timeline, fcpx

  When I imported media into my event, I did not select Analyze and Fix but now want to use this function.  Analyze and Fix is available when I have a clip selected  the events library, but Analyze and Fix is grayed out and not available when I select a clip in my project timeline.  According to a lynda.com tutorial, this feature should be available in the timeline.  Does anyone know why or am I doing something wrong?  Thanks.

  Hmm...looks like my shots didn't come through.  Let me try again using Insert Image.