09-25-2014 07:19 AM
http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x
Discussion?
09-25-2014 07:26 AM
No - ESA and SMA do not have BASH running on the OS - so, they are not included.
Complete info:
http://tools.cisco.com/security/center/viewAlert.x?alertId=35816
09-25-2014 01:17 PM
Hello Robert
Where do we stand with the Ironport Encryption Appliances? Your input would be appreciated.
Regards
09-25-2014 01:32 PM
For the IEA - checking on status, we have an open query with our PSIRT team - who handles the vulnerability assessments. Looking at one appliance in lab - I see it running the following:
# bash --help
GNU bash, version 3.1.17(1)-release-(i686-redhat-linux-gnu)
I'll have to provide an update regarding the IEA once I have further info.
-Robert
09-25-2014 01:40 PM
Hi Robert
Thank you very much for the quick response. It is appreciated.
I will stand by for an update on the matter.
Regards
Harry
09-26-2014 05:39 AM
Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Please refer to the expanded "Affected Products".
The following Cisco products are currently under investigation:
Cable Modems
Network Application, Service, and Acceleration
Network and Content Security Devices
Routing and Switching - Enterprise and Service Provider
Voice and Unified Communications Devices
Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.
09-28-2014 07:29 AM
IEA patch and information will be available once approved from PSIRT. Once it is completed, you will see this added to the +Affected Products, +Vulnerable Products, and the CSC public defect note will be added, allowing you to see the fix steps via the bugsearch tool.
We appreciate the patience and understanding in this matter involving the IEA!
-Robert
09-28-2014 11:28 PM
Good morning Robert
Thank you for the update, it is appreciated.
Regards
Harry
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide