Bash Code Injection Vulnerability AKA: "Shellshock" Vulnerability

Ivan Lawrence -

Scope

This article covers the following groups of products.

Group 1 - Rohde & Schwarz products

SpycerBox Ultra, SpycerBox Flex, SpycerBox NAS, Meta Data Server (MDS), Linux-based file servers.
Red Hat Enterprise Linux is used on recent-vintage equipment; earlier equipment uses SUSE.

Group 2 -  DDN products

DDN SFA line of storage products (S2A6620, SFA 7700, SFA 10K, SFA 12K).
Note: DDN S2A9900 is not vulnerable.

How vulnerable am I?

To answer this question you first need to identify the attack surface in your environment. Bash is not a network service in itself; the flaw is reached through any program that accepts data from the network and hands it to Bash in an environment variable, so the exposure of a given system depends on the services it runs and on who can reach them. If your system sits behind an external firewall and your network perimeter is hardened, your internal network is the primary attack surface. Many corporate and production networks rely exclusively on perimeter security to insulate their systems, and that does reduce exposure, but it does not remove it: anyone who can reach the system's management interfaces from inside the network, including malware on an internal workstation, can still attempt the attack. A system that is not exposed to the internet is therefore at lower immediate risk, not at no risk, and should still be patched as soon as the fix for it is available.

Additional "Shellshock" Information

More information can be found via Red Hat:
Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)

Group 1 - Rohde & Schwarz products

Diagnostic Steps:

To test whether your version of Bash is vulnerable to this issue, run the following command (it needs no special privileges):

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

you are using a vulnerable version of Bash. On a fixed version only "this is a test" is printed. Note that this command exercises the original flaw (CVE-2014-6271) only; the incomplete first fix tracked as CVE-2014-7169 needs a separate check, so a clean result here does not by itself prove that the second CVE is closed.
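The same check wrapped in a POSIX sh script that also covers CVE-2014-7169 and returns a status code instead of relying on a visual comparison. This is an added example and is not part of the R&S/DVS bulletin. It assumes only /bin/sh, env and mktemp on the host; the Bash binary to test is given as the first argument (default: the bash found on PATH). The CVE-2014-7169 probe is the widely published one: a vulnerable parser leaks the redirection into the next command and creates a file named "echo" in the working directory instead of printing "date".

```shell
#!/bin/sh
# Added example, not from the bulletin: probe a Bash binary for the two
# Shellshock CVEs named in the Red Hat advisory and report a status code.
# Each check returns 0 = vulnerable, 1 = not vulnerable, 2 = Bash not found.

# CVE-2014-6271: commands placed after an imported function body are executed.
# This is the bulletin's command with the output inspected programmatically.
check_cve_2014_6271() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || return 2
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null) || true
    case "$out" in
        *vulnerable*) return 0 ;;
        *)            return 1 ;;
    esac
}

# CVE-2014-7169: the first fix was incomplete. A malformed definition lets a
# redirection leak into the following command, so a vulnerable Bash writes a
# file called "echo" into the working directory; a fixed one just prints "date".
check_cve_2014_7169() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || return 2
    tmp=$(mktemp -d) || return 2
    ( cd "$tmp" && env X='() { (a)=>\' "$bash_bin" -c 'echo date' ) >/dev/null 2>&1 || true
    if [ -e "$tmp/echo" ]; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

# Map a check's return code to a word for the report.
describe() {
    case "$1" in
        0) echo "VULNERABLE" ;;
        1) echo "not vulnerable" ;;
        *) echo "bash not found" ;;
    esac
}

# Run both checks against one binary and print one line per CVE.
# Returns 0 only when neither check found the flaw (or Bash is absent).
shellshock_report() {
    bash_bin=${1:-bash}
    r1=0; check_cve_2014_6271 "$bash_bin" || r1=$?
    r2=0; check_cve_2014_7169 "$bash_bin" || r2=$?
    echo "CVE-2014-6271: $(describe "$r1")"
    echo "CVE-2014-7169: $(describe "$r2")"
    [ "$r1" -ne 0 ] && [ "$r2" -ne 0 ]
}

shellshock_report "${1:-bash}"
```

Run it once before installing the package and again afterwards; the exit status makes it usable from a fleet-wide check over SSH without parsing the text.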

Remedy

To update Bash, download the package for your OS (both packages are x86_64 builds):

RHEL6 = http://www.dvsus.com/gold/san/RHEL6_bash-4.1.2-15.el6_5.2.x86_64.rpm

RHEL5 = http://www.dvsus.com/gold/san/RHEL5_bash-3.2-33.el5_11.4.x86_64.rpm

SUSE 10 (no update yet; until one is available, restrict network access to these systems to the hosts that need it)

How to install:

As root, use the rpm command to install the updated package:

rpm -Uvh </path/to/download>

ex: rpm -Uvh /root/Desktop/RHEL5_bash-3.2-33.el5_11.4.x86_64.rpm

Afterwards confirm that the new package version is installed (rpm -q bash) and re-run the diagnostic command above; it should now print only "this is a test". Shells that are already running keep the old binary until they exit, but every new shell, including those spawned by services, uses the updated package immediately, so no reboot is required.

Factory Technical Bulletin

Official factory bulletin can be downloaded at this link:

http://www.dvsus.com/gold/DVS/RS_DVS_Bash_Technical_Bulletin_141009.pdf


Group 2 - DDN products

Diagnostic Steps:

If the SFA OS version on your controllers is below the version listed for your model, you are exposed:

SFA 7700, SFA 10K, SFA 12K: SFA OS 2.2.1.3
S2A6620: SFA OS 1.5.6 (expected by end of October 2014)

Remedy

Update firmware to 2.2.1.3 for SFA 7700, SFA 10K, SFA 12K or 1.5.6 for S2A6620.

Download and install instructions:
http://support.dvsus.com/entries/23561081-DDN-downloads-SFA-and-S2A

Factory Technical Bulletin

Official factory bulletin can be downloaded at this link:

SFA_OS_Mandatory_Upgrades_Fix_Shellshock_BASH_Bug
