Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

informacast shellshock vulnerability

Looks like informacast is vulnerable:

admin@singlewire:~$ uname  -a
Linux singlewire 2.6.32-5-686 #1 SMP Sun Sep 23 09:49:36 UTC 2012 i686 GNU/Linux

admin@singlewire:/$ bash --version
GNU bash, version 3.2.39(1)-release (i486-pc-linux-gnu)

admin@singlewire:~$ env X="() { :;} ; echo busted" `which bash` -c "echo completed"
busted
completed


Many users may still have the default password set for the admin cli account as well.

 

Tried to fix  but need root:

admin@singlewire:~$ sudo apt-get install --only-upgrade bash

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for admin:
Sorry, user admin is not allowed to execute '/usr/bin/apt-get install --only-upgrade bash' as root on singlewire.

 

Have a case open with TAC - will be interesting to see how this will get addressed  :-)

 

 

 

Everyone's tags (1)
3 REPLIES
New Member

So, a few things from your

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

An INTERIM Cisco Security Advisory was published on September 25th, 2014 and is available at the following URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

 

New Member

Any Updates - I have not

Any Updates - I have not heard back from singlewire as to when/how they will address this issue.

New Member

You can read our official

You can read our official statement about shellshock.

You can download the shellshock update for InformaCast 9.0.2 from singlewire.com or cisco.com.

 - Jerry

403
Views
0
Helpful
3
Replies
CreatePlease login to create content