ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

GNU Bash 'Shellshock' Patch now available for CCS-VSM

book

Article ID: 161336

calendar_today

Updated On:

Products

Control Compliance Suite Virtualization Security Manager

Issue/Introduction

GNU Bash 'Shellshock' Patch now available for CCS-VSM.

We have now released a patch that has been tested on CCS VSM 11.0.5.  

Resolution

A security vulnerability in the GNU Bash package known as "Shellshock" has been announced, affecting GNU Bash versions 4.3 patchlevel 27 and prior (CVE-2014-6271, CVE-2014-7169). This is a flaw in the open-source GNU Bash shell that could allow attackers to write to files or execute arbitrary commands. If successfully exploited, this could lead to information disclosure, escalation of privileges, or even full control of the affected system.

The Bash Shellshock patch (HT-CC-20141003-01), which includes a README file with installation and verification instructions, is available in the attached zip file.

For more information about this issue in general, please refer to the following sites: 

CVE-2014-6271 Official Notice
CVE-2014-7169 Official Notice
CVE-2014-6271 NVD Bulletin
CVE-2014-7169 NVD Bulletin

 

 

Attachments

HT-CC-20141003-01.zip get_app