This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

shellshock vulnerability

shellshock vulnerability

Patrick_Graf
New Contributor

‎09-26-2014 06:23 AM

when can we reckon with a statement about the shellshock vulnerabilty ?
are there any advises regarding this problem to enterasys / extreme products to bypass the time untill an official statement / patches for the affected products are released?are there products which are for sure not affected ( products without a bash or without access to the bash) ?

Thank you for any reply

Regards,

Patrick
0 Kudos
3 REPLIES 3

Ben_Parker
New Contributor II

‎09-27-2014 01:00 AM

It looks like extreme has published an official assessment at http://www.extremenetworks.com/support/software/. Scroll down the page to security materials to see the bash announcement.

0 Kudos

Stephane_Grosj1
Extreme Employee

‎09-26-2014 03:48 PM

Hi,

An official statement should be made shortly. Let's wait for it for the detail.
EXOS shouldn't be exposed to this vulnerability.

Regards
0 Kudos

Ben_Parker
New Contributor II

‎09-26-2014 01:16 PM

Also definitely interested in the response to this. Based on preliminary testing, I spun up a Netsight vm with 6.1.0137 and it was running bash 4.2.24(1) which is in the range of vulnerable versions but I didn't receive the expected output when testing for a vulnerable version. I am concerned though because Netsight, NAC and Purview appliances are all running similar code it looks like and they have web servers on them so NAC would be a great attack vector for malicious worms.

I am not sure about the wireless controllers or XOS. Based on some googling it looks like XOS can running bash commands, but I am new enough to it that I am not sure how that works.

Looking forward to the updates soon.
Thanks
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN