Unsolved
This post is more than 5 years old
1 Rookie
•
7 Posts
2
2455
September 29th, 2014 06:00
Bash Shellshock Command Injection Vulnerability (CVE-2014-6271 and CVE-2014-7169)
Hello my friends,
A new vulnerability has been discovered called Shellshock. I performed a test using a simple command to check if my Avamar Virtual Edition would be vulnerable and even that was presented.
The tests were performed according to the websites below, my client requires a path to fix this problem. Is there any fix for Avamar environment?
Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open • The Register
Security Labs: Bash Shellshock Command Injectio... | Qualys Community
Thank you.
pawankumawat
355 Posts
2
September 30th, 2014 05:00
Hello,
Please refer to following KB -
https://support.emc.com/kb/192608
For Avamar 6.x and 7.x, investigation is in progress.
Regards,
Pawan
ionthegeek
2 Intern
•
2K Posts
2
September 30th, 2014 06:00
The latest information on the shellshock vulnerability can be found in the following support article:
Bash Code Injection Vulnerability (ShellShock/BashBug) in EMC products
https://support.emc.com/kb/192608
Avamar is impacted by the vulnerability. Engineering is working on a remediation plan. The article will be updated as more information is available.
sawgust1
1 Rookie
•
7 Posts
0
September 30th, 2014 08:00
Tanks everyone,
Sorry for my english.
sawgust1
1 Rookie
•
7 Posts
0
October 17th, 2014 11:00
The vulnerabilidadde was corrected.
Thanks for all.
https://emc--c.na5.visual.force.com/apex/KB_ESA?id=kA270000000CenJ
ionthegeek
2 Intern
•
2K Posts
0
October 17th, 2014 12:00
The KB article covering the Avamar hotfix is here:
https://support.emc.com/kb/193355
If you're not able to open this link please try again in an incognito window, or clear your cache and cookies, log into support centre, then try again. Single sign-on is a bit... fiddly.
J_H_
2 Intern
•
498 Posts
0
October 17th, 2014 12:00
well 3 different links, and cannot get to any of them.
Update_
got to the files... but now I am confused
are we supposed to upgrade bash on the avamar grids?