Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Nexus 7000 GNU Bash Bug

Hi,

Cisco documentation states the bug affects the Nexus 7000 family. Upon reviewing the bug article: https://tools.cisco.com/bugsearch/bug/CSCuq98748. It states Known Affected Releases: 6.2(6). Does this mean that this is the only release affected or all releases below it as well?

We are running System version: 6.2(2)

Everyone's tags (3)
9 REPLIES
New Member

Hi,I opened a TAC case with

Hi,

I opened a TAC case with Cisco. They are stating the known affected releases are the ONLY known so far. This does not automatically include all previous releases. Check back on the bug page for further info.

@FordnicholasDo you know what

@Fordnicholas

Do you know what was used to qualify is version of nx-os is affected? 

New Member

We used this structure on our

We used this structure on our Linux machines.

 

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

 

I'm sure its something similar they're using on the backend to test code

New Member

Hi Fordnicholas,are they

Hi Fordnicholas,

are they still investigating on your question or they have closed the SR?

New Member

My TAC case is closed. My

My TAC case is closed. My question to cisco was if they post a release does it automatically mean all previous releases were affected as well. They  stated this is not the case. You can view all affected releases here.

 

https://tools.cisco.com/bugsearch/bug/CSCuq98748

 

Continue to check back as they update them

Purple

  While they are still

  While they are still figuring out what is affected they put this in their description and I would go by this ----->   All current versions of NX-OS on this platform are affected unless otherwise stated.
This bug will be updated with detailed affected and fixed software versions once fixed software is available.
 

I've read the Nexus 7000

I've read the Nexus 7000 series is susceptible to the security hole but only if authenticated first. I have not heard the same about the Nexus 5000 series. Anyone heard anything?

New Member

All nexus platforms are

All nexus platforms are potentially affected.

New Member

some info on affected nexus

some info on affected nexus 5500/6000 nxos versions: CSCur05017
 

1347
Views
5
Helpful
9
Replies
CreatePlease to create content