Warning, New Exploit: Dealing with SHELLSHOCK on Linux & SAN Vendor links

Quick Warning:

To those who run your own web servers, and Mac OS X users: if you haven’t already heard, there is a critical exploit out now called SHELLSHOCK that exploits a flaw in “bash”, the primary command-line shell of Unix-type operating systems (Linux, *BSD, Mac OS X). An environment variable can be used to execute a command.

This exploit can also be triggered remotely by making a special request to most web servers that run on Linux or *BSD.

To determine whether your server is exploitable, run this command. If it returns “vulnerable”, you should upgrade/patch your system:
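
One way to run this check on your own hosts, as an added example rather than the original post's command: the script probes each bash binary with a function-style variable and reports whether the harmless trailing command ran. The function names, the `probe` variable and the marker string are assumptions made for this example.

```sh
#!/bin/sh
# Added example: local Shellshock check for the bash binaries on a host.
MARKER=SHELLSHOCK_MARKER   # constructed string, used only to recognise the flaw

# check_bash PATH -> prints "vulnerable", "not vulnerable" or "not found"
# exit status: 1 = vulnerable, 0 = not vulnerable, 2 = not found
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "not found"
        return 2
    fi
    # The value mimics an exported function definition with a command after it.
    # A flawed bash runs that trailing command while importing its environment,
    # before it reaches the harmless command passed with -c.
    out=$(env probe="() { :;}; echo $MARKER" "$shell_path" -c 'echo done' 2>/dev/null)
    case $out in
        *"$MARKER"*) echo "vulnerable"; return 1 ;;
        *)           echo "not vulnerable"; return 0 ;;
    esac
}

# list_bash_paths -> candidate binaries: bash on PATH, common install
# locations, and bash entries in /etc/shells (duplicates removed).
list_bash_paths() {
    {
        command -v bash 2>/dev/null || true
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells || true; fi
    } | sort -u
}

# scan_all -> one line per existing binary; non-zero status if any is vulnerable.
# Paths containing spaces are not handled.
scan_all() {
    rc=0
    for p in $(list_bash_paths); do
        [ -x "$p" ] || continue
        result=$(check_bash "$p") || rc=1
        echo "$p: $result"
    done
    return $rc
}

if [ "${1:-}" = "--scan" ]; then
    scan_all
fi
```

Run it with `--scan` to check every bash it finds. A clean result covers only the original function-import flaw, so keep bash at the vendor's latest patched version.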

To upgrade, if your web server runs:

* Ubuntu, run


* CentOS/Red Hat, run as root or with sudo


This is what patching will look like:

As far as SAN vendors:

NetApp’s statement and affected products:
Direct link to the information: https://library.netapp.com/ecm/ecm_get_file/ECMP1655016
Actual list of vulnerabilities: http://mysupport.netapp.com/NOW/knowledge/docs/olio/scanner_results/
Process to stay informed: http://www.netapp.com/us/legal/vulnerability-handling-response-policy.aspx


The Shellshock bug is fixed in 4.0.12; please open a ticket and Support will upgrade you.


Nimble uses busybox in their jailed CLI. There may be ways to escape out of the CLI via other escalations, but it is not directly SHELLSHOCKable by the CLI.   I am not sure what user/space their webserver instance runs under, so I am unsure if they are able to be exploited via the typical http-header[Cookie]/http-header[Host]/http-header[Referer] tricks.

RedHat Clustered Storage Server:

Yep, you are at risk in most versions. Run "yum -y update bash" to fix it.


See support tech note: https://emc--c.na5.visual.force.com/apex/KB_Non_ESA_Security?id=kA4700000008OfN

Those I know affected:  Atmos, Avamar, Centera, CLARiion (ALL), Celerra (ALL), DataDomain (ALL), Isilon OneFS (ALL), PowerPath Virtual Appliance 1.2.x, RecoverPoint (ALL), Unisphere 2-3.5.1SP1, Unisphere for VMAX, ViPR, VBA, VNX/VNX2/VNXe, VPLEX < 5.4, XtremIO 2.4.1 & 3.0.0



Windows users, don’t think you are immune! You have had a DOS variable exploit of the same type for years!


