Warning, New Exploit: Dealing with SHELLSHOCK on Linux & SAN Vendor links

Quick Warning:

To those who run their own webservers, and to Mac OS X users: if you haven't already heard, there is a critical exploit out called SHELLSHOCK that uses a flaw in "bash", the primary command-line shell of Unix-type operating systems (Linux, *BSD, Mac OS X). Bash imports function definitions from environment variables, and vulnerable versions keep executing whatever text follows the function body, so a command appended to such a variable runs as soon as a new bash process starts.

This exploit can also be triggered remotely by sending a specially crafted request to a webserver running on Linux or *BSD. Any server that hands requests to bash (CGI scripts, or scripts that spawn a shell) copies request headers such as User-Agent, Referer and Cookie into environment variables before the script runs, so an attacker-controlled header becomes an attacker-controlled command.

To determine whether your server is vulnerable, run this command; if it prints "vulnerable", you should upgrade/patch your system:

To patch, if your webserver runs:

* Ubuntu, follow USN-2362-1:

http://www.ubuntu.com/usn/usn-2362-1/

* CentOS/Red Hat, follow RHSA-2014:1293 (run the update as root or via sudo):

https://rhn.redhat.com/errata/RHSA-2014-1293.html

Note that the first round of fixes (CVE-2014-6271) was incomplete; install the follow-up bash updates (CVE-2014-7169 and later) as they are published, and re-run the check afterwards.

This is what patching will look like:
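The check and the patch step together, as an added example script that is not the post's original command: the local test is the widely published CVE-2014-6271 one-liner, the package-manager mapping and the access-log grep for the header trick are assumptions of this example, and the log lines are constructed, not real traffic.

```shell
#!/bin/sh
# Added example (not from the original post): check a host for Shellshock
# (CVE-2014-6271), patch bash with the distro's package manager, re-check,
# and grep a web access log for the remote trigger.

# Local check: the widely published test. The exported variable holds a bash
# function definition ("() { :;}") followed by extra text; a vulnerable bash
# runs that trailing "echo vulnerable" while importing the variable at startup.
# Patched bash ignores the trailing text (and warns on stderr, discarded here).
shellshock_check() {
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' 2>/dev/null) || out=""
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "not vulnerable" ;;
    esac
}

# Map an /etc/os-release ID value to the package manager used to update bash.
# (Assumption of this example; extend the table for other distributions.)
pkg_manager_for() {
    case "$1" in
        ubuntu|debian)       echo "apt" ;;
        centos|rhel|fedora)  echo "yum" ;;
        *)                   echo "unknown" ;;
    esac
}

# Upgrade only the bash package. Must run as root (or via sudo) with network access.
patch_bash() {
    id=$(. /etc/os-release 2>/dev/null && printf '%s' "${ID:-}") || id=""
    case "$(pkg_manager_for "$id")" in
        apt) apt-get update && apt-get install --only-upgrade -y bash ;;
        yum) yum -y update bash ;;
        *)   echo "unknown distribution '$id': update bash by hand" >&2; return 1 ;;
    esac
}

# Remote trigger detection: count access-log lines carrying the "() {" marker.
# Web servers copy request headers into environment variables for CGI scripts,
# so attackers put the payload in User-Agent, Referer, Cookie or Host.
count_shellshock_requests() {
    grep -cF '() {' "$1" || true
}

# Constructed sample log (not real traffic): two probes, two ordinary requests.
sample_log_hits() {
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
198.51.100.7 - - [25/Sep/2014:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Sep/2014:10:01:30 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo probe"
203.0.113.5 - - [25/Sep/2014:10:01:31 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { :;}; echo probe" "curl/7.37"
198.51.100.9 - - [25/Sep/2014:10:02:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
    count_shellshock_requests "$tmp"
    rm -f "$tmp"
}

# Full check/patch/re-check cycle, only when explicitly requested, because it
# runs the package manager:   SHELLSHOCK_PATCH=1 sh shellshock.sh
if [ "${SHELLSHOCK_PATCH:-0}" = "1" ]; then
    echo "before: $(shellshock_check)"
    if [ "$(shellshock_check)" = "vulnerable" ]; then
        patch_bash
    fi
    echo "after:  $(shellshock_check)"
fi
echo "local bash: $(shellshock_check); probes in sample log: $(sample_log_hits)"
```

Run it once without SHELLSHOCK_PATCH to see the local verdict and the sample-log count, then with SHELLSHOCK_PATCH=1 as root to patch; point count_shellshock_requests at your real access log to see whether anyone has already tried the header trick against you.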

As far as SAN vendors:

NetApp's statement and affected products:

* Direct link to the information: https://library.netapp.com/ecm/ecm_get_file/ECMP1655016

* Actual list of vulnerabilities: http://mysupport.netapp.com/NOW/knowledge/docs/olio/scanner_results/

* Process to stay informed: http://www.netapp.com/us/legal/vulnerability-handling-response-policy.aspx

PureStorage:

The Shellshock bug is fixed in 4.0.12; open a ticket and Support will upgrade you.

Nimble:

Nimble uses BusyBox in their jailed CLI. There may be ways to escape the CLI via other escalations, but it is not directly SHELLSHOCKable via the CLI. I am not sure what user/space their webserver instance runs under, so I am unsure whether it can be exploited via the typical http-header[Cookie]/http-header[Host]/http-header[Referer] tricks.

RedHat Clustered Storage Server:

Yep, you are at risk in most versions. Run yum -y update bash to fix it.

EMC:

See support tech note: https://emc--c.na5.visual.force.com/apex/KB_Non_ESA_Security?id=kA4700000008OfN

Those I know to be affected: Atmos, Avamar, Centera, CLARiion (ALL), Celerra (ALL), DataDomain (ALL), Isilon OneFS (ALL), PowerPath Virtual Appliance 1.2.x, RecoverPoint (ALL), Unisphere 2-3.5.1SP1, Unisphere for VMAX, ViPR, VBA, VNX/VNX2/VNXe, VPLEX < 5.4, XtremIO 2.4.1 & 3.0.0

Windows users, don't think you are immune: DOS/batch variable expansion has had an exploit of the same type for years!