https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28193#M125 It looks like extreme has published an official assessment at <A href="http://www.extremenetworks.com/support/software/" target="_blank" rel="nofollow noreferrer noopener">http://www.extremenetworks.com/support/software/</A>. Scroll down the page to security materials to see the bash announcement.<BR /> <BR /> Sat, 27 Sep 2014 08:00:00 GMT Ben_Parker 2014-09-27T08:00:00Z https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28190#M122 when can we reckon with a statement about the shellshock vulnerabilty ?<BR /> are there any advises regarding this problem to enterasys / extreme products to bypass the time untill an official statement / patches for the affected products are released?are there products which are for sure not affected ( products without a bash or without access to the bash) ?<BR /> <BR /> Thank you for any reply<BR /> <BR /> Regards, <BR /> <BR /> Patrick Fri, 26 Sep 2014 13:23:00 GMT https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28190#M122 Patrick_Graf 2014-09-26T13:23:00Z https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28191#M123 Also definitely interested in the response to this. Based on preliminary testing, I spun up a Netsight vm with 6.1.0137 and it was running bash 4.2.24(1) which is in the range of vulnerable versions but I didn't receive the expected output when testing for a vulnerable version. I am concerned though because Netsight, NAC and Purview appliances are all running similar code it looks like and they have web servers on them so NAC would be a great attack vector for malicious worms.<BR /> <BR /> I am not sure about the wireless controllers or XOS. Based on some googling it looks like XOS can running bash commands, but I am new enough to it that I am not sure how that works.<BR /> <BR /> Looking forward to the updates soon.<BR /> Thanks<BR /> Fri, 26 Sep 2014 20:16:00 GMT https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28191#M123 Ben_Parker 2014-09-26T20:16:00Z https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28192#M124 Hi,<BR /> <BR /> An official statement should be made shortly. Let's wait for it for the detail.<BR /> EXOS shouldn't be exposed to this vulnerability.<BR /> <BR /> Regards<BR /> Fri, 26 Sep 2014 22:48:00 GMT https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28192#M124 Stephane_Grosj1 2014-09-26T22:48:00Z https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28193#M125 It looks like extreme has published an official assessment at <A href="http://www.extremenetworks.com/support/software/" target="_blank" rel="nofollow noreferrer noopener">http://www.extremenetworks.com/support/software/</A>. Scroll down the page to security materials to see the bash announcement.<BR /> <BR /> Sat, 27 Sep 2014 08:00:00 GMT https://community.extremenetworks.com/t5/security/shellshock-vulnerability/m-p/28193#M125 Ben_Parker 2014-09-27T08:00:00Z