Bash Code Injection Vulnerability AKA: "Shellshock" Vulnerability

Ivan Lawrence -


This article covers the following groups of products.

Group 1 - Rohde & Schwarz products

SpycerBox Ultra, SpycerBox Flex, SpycerBox NAS, Meta Data Server (MDS), Linux based File Servers.  
RedHat Linux are used on recent vintage equipment, earlier equipment uses SUSE.

Group 2 -  DDN products

DDN SFA line of storage products (6620, 7700, 10K, 12K).  
Note: DDN S2A9900 are not vulnerable.

How vulnerable am I?

To answer this question you need to first identify the attack surface in your environment.  If your system lives behind an external firewall and your network's perimeter security is hardened against attack then your internal network would be your primary attack surface.  A common practice in many corporate / production networks rely exclusively on perimeter security to insulate their systems from vulnerability.  In all likelihood, if your system is not exposed to the internet then you are probably not currently at risk.

Additional "Shellshock" Information 

More information can be found via RedHat:
Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)

Group 1 - Rohde & Schwarz products

Diagnostic Steps:

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

this is a test

you are using a vulnerable version of Bash.


To update Bash download the correct version for your OS:



SUSE 10 (No update yet)

How to install:

As root, use the rpm command to install the updated package:

rpm -Uvh </path/to/download>

ex: rpm -Uvh /root/Desktop/RHEL5_bash-3.2-33.el5_11.4.x86_64.rpm

Factory Technical Bulletin

Official factory bulletin can be downloaded at this link:


Group 2 - DDN products

Diagnostic Steps:

If the SFA OS version is below the specified version then you are exposed.

SFA OS SFA 7700, SFA 10K, SFA 12K
SFA OS 1.5.6 S2A6620 (expect by end of Oct 2014)


Update firmware to for SFA 7700, SFA 10K, SFA 12K or 1.5.6 for S2A6620.

Download and install instructions:

Factory Technical Bulletin

Official factory bulletin can be downloaded at this link:




Have more questions? Submit a request


Article is closed for comments.