VARIoT IoT vulnerabilities database


VAR-201410-0925 CVE-2014-6434 GoPro HERO 3+ of gpExec Vulnerable to arbitrary command execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via the (1) a1 or (2) a2 parameter in a restart action. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the a1/a2 parameters when the c1/c2 parameters are set to "restart". Successful exploitation will allow an attacker to execute arbitrary commands on the target device. The GoPro HERO 3+ is a sports camera. Failed exploit attempts will likely result in denial-of-service conditions
VAR-201410-0924 CVE-2014-6433 GoPro HERO 3+ of gpExec Vulnerable to arbitrary file execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2) a2 parameter in a start action. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the a1/a2 parameters when the c1/c2 parameters are set to "start". Successful exploitation will allow an attacker to execute an arbitrary file on the target device. The GoPro HERO 3+ is a sports camera. Failed exploit attempts will likely result in denial-of-service conditions
VAR-201410-1095 CVE-2014-7861 Apple OS X of IOHIDSecurePromptClient Vulnerability in arbitrary code execution in function CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of calls to IOHIDSecurePromptClient. The issue lies in the failure to properly sanitize user-supplied pointers before they are dereferenced. An attacker can leverage this vulnerability to crash an instance of OS X. Apple Mac OS X is a set of dedicated operating systems developed by Apple Inc. of the United States for Mac computers. A remote attacker could use this vulnerability to crash an application and deny legitimate users
VAR-201410-1157 CVE-2014-5410 Rockwell Micrologix 1400 DNP3 Denial of service vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell Micrologix 1400 DNP3 is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users
VAR-201410-1051 CVE-2014-3059 IBM WebSphere DataPower XC10 Vulnerabilities that can gain administrator privileges in the appliance management console CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. IBM WebSphere DataPower XC10 Appliance 2.5 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications
VAR-201410-1052 CVE-2014-3060 IBM WebSphere DataPower XC10 Vulnerability in an appliance that gains administrator privileges CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. IBM WebSphere DataPower XC10 Appliance 2.5 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications. The loophole comes from the fact that the program does not set the security attribute when creating a session cookie
VAR-201409-1260 No CVE State-of-the-art Wlan AC product access permissions bypass vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Bangxun Wlan AC is a wireless controller product produced by Bangxun Technology Co., Ltd. It is used to build large-scale wireless networks for basic telecommunications companies. Testing found that multiple management pages in V2.0.9-related versions of the product have unauthorized-access vulnerabilities. Anonymous users can directly access information on the Wlan AC / AP, such as device information, AP information, and user information.
VAR-201410-1134 CVE-2014-0754 Schneider Electric Modicon PLC Ethernet Module SchneiderWEB Vulnerable to directory traversal CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by Schneider Electric of France. The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version
VAR-201410-0082 CVE-2014-4809 IBM Security Access Manager for Web of WebSEAL In the component Service operation interruption (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. IBM Security Access Manager for Web is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause CPU utilization to rapidly increase, leading to a denial-of-service condition. It provides user access management and Web application protection functions. WebSEAL is one of the Web server components that provides authentication
VAR-201410-0399 CVE-2014-4823 IBM Security Access Manager for Web and Security Access Manager for Mobile Vulnerabilities in system commands CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. Remote attackers can exploit this issue to execute arbitrary shell commands within the context of the affected system. ISAM for Mobile is a product that provides mobile access security in one modular package. ISAM for Web is a set of products used in user authentication, authorization, and Web single sign-on solutions. The management console in ISAM has a security hole
VAR-201410-1114 CVE-2014-6079 IBM Security Access Manager for Web and Security Access Manager for Mobile Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. ISAM for Mobile is a product that provides mobile access security in one modular package. ISAM for Web is a set of products used in user authentication, authorization, and Web single sign-on solutions. It provides user access management and Web application protection functions. The Local Management Interface in ISAM has a cross-site scripting vulnerability
VAR-201409-0064 CVE-2014-3395 Cisco WebEx Meetings Server Vulnerable to arbitrary file download vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. This issue is being tracked by Cisco bug ID CSCup10343. A security vulnerability exists in CWMS version 2.5 due to the program not properly validating user-supplied input
VAR-201409-0056 CVE-2013-3064 Linksys EA6500 Of firmware ui/dynamic/unsecured.html Open redirect vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. The Linksys EA6500 is a wireless router device. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible
VAR-201409-0057 CVE-2013-3065 Linksys EA6500 Of firmware Parental Controls Section cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. Linksys EA6500 is a wireless router device. Linksys EA6500 has a cross-site scripting vulnerability. Linksys EA6500 is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible
VAR-201409-1259 No CVE Multiple Huawei switch information disclosure vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Huawei Switches is a series of Huawei switch devices. An information leak exists in all Huawei Switches V200R001 devices that use the VRP platform. The MPLS LSP PING service is bound to an unneeded interface, which can leak the device IP address. Remote attackers can exploit this vulnerability to obtain sensitive information.
VAR-201409-1252 No CVE Modem Nucom ADSL R5000UN Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Nucom HK Modem Nucom ADSL R5000UN is an ADSL router product from Nucom HK of Hong Kong, China. An information disclosure vulnerability exists in Nucom HK Modem Nucom ADSL R5000UN. An attacker could use this vulnerability to gain access to sensitive information, leading to further attacks
VAR-201409-1177 No CVE ZyXEL P-660HNU-T1 'wzADSL.asp' Remote Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ZyXEL P-660HNU-T1 is a wireless router product of ZyXEL technology company. An information disclosure vulnerability exists in ZyXEL P-660HNU-T1. An attacker could use this vulnerability to gain access to a username and password for further attacks. ZyXEL P-660HNU-T1 version 2.00 is vulnerable; other versions may also be affected. ZyXEL P-660HNU-T1 is prone to an information-disclosure vulnerability
VAR-201409-1158 No CVE WS10 Data Server SCADA Buffer Overflow Vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
WS10 Data Server is a data acquisition and monitoring system (SCADA) for the industrial automation industry. A remote buffer overflow vulnerability exists in WS10 Data Server, which originates from the program's failure to perform correct boundary checks on user-supplied data. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may also cause a denial of service. WS10 Data Server version 1.83 is vulnerable; other versions may also be affected. Failed exploit attempts will likely result in denial-of-service conditions
VAR-201409-1154 CVE-2014-6278 GNU Bash shell executes commands in exported functions in environment variables

Related entries in the VARIoT exploits database: VAR-E-201409-0013, VAR-E-201409-0022, VAR-E-201409-0023, VAR-E-201409-0012, VAR-E-201409-0010, VAR-E-201409-0017, VAR-E-201409-0018, VAR-E-201409-0020, VAR-E-201409-0016, VAR-E-201409-0021, VAR-E-201409-0561, VAR-E-201409-0562, VAR-E-201409-0565, VAR-E-201409-0554, VAR-E-201409-0556, VAR-E-201409-0555, VAR-E-201409-0545, VAR-E-201409-0557, VAR-E-201409-0552, VAR-E-201409-0558
CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. A third party may be able to execute arbitrary commands through a crafted environment. QTS, provided by QNAP Systems, Inc., is the OS for Turbo NAS. QTS contains an OS command injection vulnerability (CWE-78) caused by the GNU Bash vulnerability (JVNVU#97219505). This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Wakisaka Yuki, University of Electro-Communications. Arbitrary OS commands may be executed with the privileges of the application. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Customers who need to upgrade the firmware of their Superdome X or HP Converged System 900 for SAP HANA should contact HP Technical Support to obtain the firmware or plan to schedule an onsite visit with an HP Services field service professional. Patch and maintain Lightweight Directory Access Protocol (LDAP) and web servers.
Use virus scanners, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners regularly. Apply all recommended HP Firmware updates.

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04558068

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04558068
Version: 1
HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-02-02
Last Updated: 2015-02-02
Potential Security Impact: Multiple vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities.
References: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-7196 SSRT101742

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell

BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2014-6271   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2014-6277   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2014-6278   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2014-7169   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2014-7186   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2014-7187   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
CVE-2014-7196   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has provided the following instructions to resolve these vulnerabilities. Follow these steps to update the HP Insight Control for Linux Central Management Server Pre-boot Execution Environment:
NOTE: The following procedure updates the bash shell on the Linux Pre-boot Execution Environment. Please update the Bash shell version on the HP Insight Control for Linux Central Management Server also.

1. On the Production RHEL 6.2 OS:
   a. Prepare temporary directory for Bash update software:
      # mkdir -p $HOME/tmp/bash
      # cd $HOME/tmp/bash
      # pwd
      <home directory>/tmp/bash
   b. Download the file 'bash-4.1.2-15.el6_4.2.i686.rpm' for Insight Control for Linux Red Hat 6.2 i386 from https://rhn.redhat.com/errata/RHSA-2014-1311.html to the temporary directory '$HOME/tmp/bash'.
   c. Extract the Bash update software package.
      # rpm2cpio bash-4.1.2-15.el6_4.2.i686.rpm | cpio -idmv
   d. Verify the version of the Bash update software:
      # ./bin/bash --version
      GNU bash, version 4.1.2(1)-release (i686-redhat-linux-gnu)
   e. Verify version dependencies:
      # ldd ./bin/bash
      linux-gate.so.1 => (0x008a7000)
      libtinfo.so.5 => /lib/libtinfo.so.5 (0x00459000)
      libdl.so.2 => /lib/libdl.so.2 (0x002c0000)
      libc.so.6 => /lib/libc.so.6 (0x0012e000)
      /lib/ld-linux.so.2 (0x00108000)
   f. Create archive file from '/lib' to copy and install on the Insight Control for Linux Central Management Server Pre-boot Execution Environment system:
      # mkdir $HOME/tmp/lib
      # cd /lib
      # cp * $HOME/tmp/lib
      # cd $HOME/tmp
      # pwd
      <home directory>/tmp
      # tar cvf bash_lib.tar *
2. Download the new archive file '$HOME/tmp/bash_lib.tar' from the Production RHEL 6.2 OS system to the Insight Control for Linux Central Management Server Pre-boot Execution Environment system.
3. On the HP Insight Control for Linux Central Management Server Pre-boot Execution Environment system:
   a. Create a temporary folder for the toolkit and copy the toolkit there:
      # mkdir -p $HOME/tmp/temp-toolkit
      # cp /usr/share/systemimager/boot/i386/standard/toolkit.tar.gz $HOME/tmp/temp-toolkit
   b. Extract the file 'toolkit.tar.gz' into the temporary folder:
      # cd $HOME/tmp/temp-toolkit
      # tar zxvf toolkit.tar.gz
      # mv $HOME/tmp/temp-toolkit/toolkit.tar.gz /tmp
   c. Verify the version of the toolkit Bash:
      # $HOME/tmp/temp-toolkit/bin/bash --version
      GNU bash, version 3.2.0(1)-release (i386-pc-linux-gnu)
      Copyright (C) 2005 Free Software Foundation, Inc.
   d. Verify dependencies versions:
      # ldd $HOME/tmp/temp-toolkit/bin/bash
      linux-gate.so.1 => (0xffffe000)
      libtermcap.so.2 => /lib/libtermcap.so.2 (0xf7f8c000)
      libdl.so.2 => /lib/libdl.so.2 (0x008bf000)
      libc.so.6 => /lib/libc.so.6 (0x00777000)
      /lib/ld-linux.so.2 (0x00755000)
   e. Extract the archive 'bash_lib.tar' to directory '$HOME/tmp/bash_lib'. Then copy the bash binary and the library files to their respective locations:
      # tar xvf $HOME/tmp/bash_lib
      # cp $HOME/tmp/bash_lib/bash/bash $HOME/tmp/temp-toolkit/bin
      # cp $HOME/tmp/bash_lib/lib/* $HOME/tmp/temp-toolkit/lib
   f. Create the updated toolkit gzipped archive file and place in /usr/share/systemimager/boot/i386/standard
      # tar czvf toolkit.tar.gz *
      # cp toolkit.tar.gz /usr/share/systemimager/boot/i386/standard

HISTORY
Version:1 (rev.1) - 2 February 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind.
To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

============================================================================
Ubuntu Security Notice USN-2380-1
October 09, 2014

bash vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary: Several security issues were fixed in Bash.

Software Description:
- bash: GNU Bourne Again SHell

Details: Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. (CVE-2014-6277, CVE-2014-6278)

Please note that the previous Bash security update, USN-2364-1, includes a hardening measure that prevents these issues from being used in a Shellshock attack.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.5
Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.6
Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.5

In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2380-1
CVE-2014-6277, CVE-2014-6278

Package Information:
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.5
https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.6
https://launchpad.net/ubuntu/+source/bash/4.1-2ubuntu3.5

HP Product                                              Firmware Version
HP StoreEver ESL G3 Tape Libraries with MCB version 2   680H_GS40701
HP StoreEver ESL G3 Tape Libraries with MCB version 1   656H_GS10801

The firmware is customer installable and is available in the Drivers, Software & Firmware section at the following location: http://www.hp.com/support/eslg3

Notes:
- Updating the library firmware requires a reboot of the library.
- Disable DHCP and only use static IP addressing.

No other firmware stream updates are planned beyond the NX-OS 5.x and 6.x versions listed below for the MDS products. Software version 6.2(9a) includes the fixes for the vulnerability in HP StoreFabric C-series MDS switches that currently support NX-OS 6.X releases. Software version 5.2(8e) includes the fix for the vulnerability in HP C-series MDS switches that currently support NX-OS 5.X releases. All MDS and Nexus 5K switches can function in this configuration. Access is available through the console port.

Open the PXE Configuration Utility on the HP Insight Control server deployment window.
Select Linux Managed from the Boot Menu options.
Click the Edit button. Clicking the Edit button displays the Edit Shared Menu Option window.
Uncheck the x86 option in Operating System and Processor Options and click OK.

This bulletin will be revised when the update is available.

MITIGATION INFORMATION
HP recommends the following steps to reduce the risk of this vulnerability:
- Place the HP StoreFabric H-series switch and other data center critical infrastructure behind a firewall to disallow access from the Internet.
- Change all HP StoreFabric switch default account passwords, including the root passwords, from the default factory passwords.
- Examine the list of accounts, including ones on the switch and those existing on remote authentication servers such as RADIUS, LDAP, and TACACS+, to ensure only necessary personnel can gain access to HP StoreFabric H-series switches. Delete guest accounts and temporary accounts created for one-time usage needs.
- To avoid possible exploit through the embedded web GUI, QuickTools, disable the web server with the following procedure:
  NOTE: After completing this procedure, the user will not be able to manage the switch using QuickTools.
  Login to the Command Line Interface (CLI).
  Execute the "admin start" command to enter into an admin session.
  Execute the "set setup services" command and change setting for EmbeddedGUIEnabled to "False".

NOTE: This vulnerability can only be exploited if the attacker already has valid administrative login credentials.

Note: All versions of HP Thin Pro and HP Smart Zero Core operating systems prior to version 5.1.0 are affected by these vulnerabilities. Following is a complete list of affected operating systems and Hardware Platforms Affected.
HP ThinPro:
HP ThinPro 5.0 (released June 2014)
HP ThinPro 4.4 (released November 2013)
HP ThinPro 4.3 (released June 2013)
HP ThinPro 4.2 (released November 2012)
HP ThinPro 4.1 (released March 2012)
HP ThinPro 3.2 (released November 2010)
HP ThinPro 3.1 (released June 2010)
HP ThinPro 3.0 (released November 2009)
HP ThinPro 2.0 (released 2009)
HP ThinPro 1.5 (released 2009)
HP ThinPro 1.0 (released 2008)

HP Smart Zero Core:
HP Smart Zero Core 5.0 (released June 2014)
HP Smart Zero Core 4.4 (released November 2013)
HP Smart Zero Core 4.3 (released June 2013)
HP Smart Zero Core 4.2 (released November 2012)
HP Smart Zero Core 4.1 (released March 2012)
HP Smart Zero Core 4.0 (released March 2011)

Hardware Platforms Affected:
HP t620 PLUS Flexible Quad Core Thin Client
HP t620 Flexible Dual Core Thin Client
HP t620 PLUS Flexible Dual Core Thin Client
HP t620 Flexible Quad Core Thin Client
HP t520 Flexible Thin Client
HP t505 Flexible Thin Client
HP t510 Flexible Thin Client
HP t410 All-in-One 18.5 RFX/HDX Smart ZC
HP t410 Smart Zero Client
HP t610 PLUS Flexible Thin Client
HP t610 Flexible Thin Client
HP t5565 Thin Client
HP t5565z Smart Client

BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2014-6271   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10
CVE-2014-6277   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10
CVE-2014-6278   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10
CVE-2014-7169   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10
CVE-2014-7186   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10
CVE-2014-7187   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has released the following software updates to resolve these vulnerabilities.

Product Affected: HP ThinPro and HP Smart Zero Core (X86)
Product Versions: v5.1.0 and above
Patch Status: No update required; the Bash shell patch is incorporated into the base image. Note: If you participated in the ThinPro 5.1.0 beta program then upgrade to the release version as soon as it becomes available.

Product Affected: HP ThinPro and HP Smart Zero Core (x86)
Product Versions: v5.0.x
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-5.0-x86.xar. The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (x86)
Product Versions: v4.4.x
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-x86.xar. The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (ARM)
Product Versions: v4.4.x
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-arm.xar. The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (X86)
Product Versions: v4.1, v4.2, and v4.3
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-x86.xar. The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (ARM)
Product Versions: v4.1, v4.2, and v4.3
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-arm.xar. The update can be also downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (X86)
Product Versions: v3.1, v3.2, and v3.3
Patch Status: Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_i386.deb

Product Affected: HP ThinPro and HP Smart Zero Core (ARM)
Product Versions: v3.1, v3.2, and v3.3
Patch Status: Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_armel.deb
VAR-201409-1155 CVE-2014-7169 GNU Bash shell executes commands in exported functions in environment variables

Related entries in the VARIoT exploits database: VAR-E-201410-0028, VAR-E-201410-0031, VAR-E-201410-0026, VAR-E-201410-0021, VAR-E-201410-0023, VAR-E-201409-0019, VAR-E-201410-0030, VAR-E-201410-0027, VAR-E-201410-0024, VAR-E-201410-0022, VAR-E-201409-0011, VAR-E-201409-0015, VAR-E-201410-0029, VAR-E-201409-0560, VAR-E-201409-0544, VAR-E-201409-0543, VAR-E-201409-0548, VAR-E-201409-0563, VAR-E-201409-0566, VAR-E-201409-0564, VAR-E-201409-0559, VAR-E-201409-0546, VAR-E-201409-0549, VAR-E-201409-0553, VAR-E-201409-0550, VAR-E-201409-0547
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. HP StoreEver ESL E-series Tape Library - Disable DHCP and only use static IP addressing. HP Virtual Library System (VLS) - Disable DHCP and only use static IP addressing. HP Vertica AMI's and Virtual Machines prior to v7.1.1-0. HP has released the following updates to resolve this vulnerability for HP Vertica products.
Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. Here are the details from the Slackware 13.0 ChangeLog: +--------------------------+ patches/packages/bash-3.1.018-i486-3_slack13.0.txz: Rebuilt. The patch for CVE-2014-7169 needed to be rebased against bash-3.1 in order to apply correctly. Thanks to B. Watson for the bug report. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bash-3.1.018-i486-3_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bash-3.1.018-x86_64-3_slack13.0.txz MD5 signatures: +-------------+ Slackware 13.0 package: 17fe761daf847490e6286a6c59abd913 bash-3.1.018-i486-3_slack13.0.txz Slackware x86_64 13.0 package: 7eb0a4741287042658487f2b6089a4c5 bash-3.1.018-x86_64-3_slack13.0.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bash-3.1.018-i486-3_slack13.0.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 https://rhn.redhat.com/errata/RHSA-2014-1306.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 068bf5e3fe869e91b3583b7ddba7e9eb mbs1/x86_64/bash-4.2-48.1.mbs1.x86_64.rpm 5cf0895151bdace021fc9e0dbcf4a10a mbs1/x86_64/bash-doc-4.2-48.1.mbs1.x86_64.rpm 0f77090a686587530eed163e54191c2f mbs1/SRPMS/bash-4.2-48.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> HP 3PAR Service Processor (SP) versions prior to SP-4.1.0.GA-97.P011, SP-4.2.0.GA-29.P003, and SP-4.3.0.GA-17.P001. Relevant releases/architectures: RHEV-M 3.4 - noarch 3. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. (CVE-2014-7169) A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. (CVE-2014-1568) It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186) An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. (CVE-2014-7187) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. This bulletin will be revised when the updates are available.
MITIGATION INFORMATION HP recommends the following steps to reduce the risk of this vulnerability: - The "ssh" or "telnet" features may be disabled by the admin user. All MDS and Nexus 5K switches can function in this configuration. Access is available through the console port. -----BEGIN PGP SIGNED MESSAGE----- CA20141001-01: Security Notice for Bash Shellshock Vulnerability Issued: October 01, 2014 Updated: October 03, 2014 CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. The CA Technologies Enterprise Information Security team has led a global effort to identify and remediate systems and products discovered with these vulnerabilities. We continue to patch our systems as fixes become available, and we are providing fixes for affected CA Technologies products. CA Technologies continues to aggressively scan our environments (including servers, networks, external facing applications, and SaaS environments) to proactively monitor, identify, and remediate any vulnerability when necessary. Risk Rating High Platform AIX Android (not vulnerable, unless rooted) Apple iOS (not vulnerable unless jailbroken) Linux Mac OS X Solaris Windows (not vulnerable unless Cygwin or similar ported Linux tools with Bash shell are installed) Other UNIX/BSD based systems if Bash is installed Any other OS or JeOS that utilizes Bash Affected Products The following products have been identified as potentially vulnerable, and we have made fixes available for all of these products. 
CA API Management (Linux appliance only) CA Application Performance Management (TIM is the only affected APM component) CA Application Performance Management Cloud Monitor CA Customer Experience Manager (CEM) Transaction Impact Monitor (TIM) CA Layer 7 products (API Gateway, Mobile Access Gateway, API Management Portal) CA User Activity Reporting Module (Enterprise Log Manager) Note: This security notice will be updated if other CA Technologies products are determined to be vulnerable. In most cases, the Bash vulnerabilities will need to be patched by OS vendors. Exceptions may include CA Technologies appliances, and software products that include Linux, UNIX or Mac OS X based operating systems (that include Bash). Affected Components CentOS Cygwin GNU Bash Red Hat Enterprise Linux SUSE Linux Non-Affected Products IMPORTANT NOTE: This listing includes only a small subset of the unaffected CA Technologies products. We're including unaffected products that customers have already inquired about. While the following CA Technologies products are not directly affected by the Bash vulnerabilities, the underlying operating systems that CA Technologies software is installed on may be vulnerable. We strongly encourage our customers to follow the recommendations provided by their vendors for all operating systems they utilize. All CA SaaS / On Demand products were either not vulnerable or have already been patched. CA AHS / PaymentMinder - AHS App is not vulnerable. The AHS app does not execute CGI scripts, or spawn or execute shell commands from within the app. AHS infrastructure already patched. CA Asset Portfolio Management CA AuthMinder (Arcot WebFort) CA AuthMinder for Business Users CA AuthMinder for Consumers CA AutoSys products - We use the bash shell that comes with the operating system and the customer is responsible for patching their OS. Additionally, the agents themselves do not distribute any scripts that use bash. 
CA Clarity On Demand CA CloudMinder - CloudMinder does not include the Bash Shell in BoM, or use it, but because we are deployed on RHEL, customers may be indirectly affected. Customers using RHEL should apply patches provided by Red Hat. CA Console Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA ControlMinder CA DataMinder (formerly DLP) products – Software and appliance confirmed not vulnerable. Note: Linux Agents shipped, but no public SSH or Web apps are used in these agents. Customers should patch bash shell on any Linux server with DataMinder agents. DataMinder agents should continue to function normally. CA Digital Payments SaaS (previously patched) CA Directory CA eCommerce SaaS / On Demand (previously patched) CA Endevor Software Change Manager CA Federation (formerly SiteMinder Federation) CA GovernanceMinder CA IdentityMinder CA Infrastructure Management CA JCLCheck CA Job Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA NetQoS GigaStor Observer Expert CA Network Flow Analysis CA Performance Management for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA RiskMinder CA Service Desk Manager CA Service Operations Insight (SOI) CA SiteMinder CA SOLVE:Access CA Spectrum for Linux - Not vulnerable. Be sure to apply bash fixes from your underlying operating system vendor. CA Strong Authentication CA System Watchdog for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. CA Top Secret CA Universal Job Management Agent for OpenVMS - Our OpenVMS products do not bundle bash, and they do not supply bash scripts; we use nothing but the native DCL CLI. 
CA Virtual Assurance for Infrastructure Managers (VAIM) Solution CA Technologies has issued the following fixes to address the vulnerabilities. CA API Management: Patches for Linux appliance are available through CA Support to customers of Gateway (applicable for all versions – 6.1.5, 6.2, 7.0, 7.1, 8.0, 8.1, 8.1.1, 8.1.02). CA Application Performance Management: KB article for APM TIM has been published. APM TIM is the only part of APM that was affected. Refer to TEC618037. CA Application Performance Management Cloud Monitor: New images are available for subscribers. Download the latest OPMS version 8.2.1.5. For assistance, contact CA Support. CA Customer Experience Manager (CEM) Transaction Impact Monitor (TIM): Very low risk. 9.6 is not affected. 9.5 Installation uses Bash. We do not use Bash at all for the CEM operating system that we have shipped in the past. This means that customers who patch the OS will not impact the ability of the CEM TIMsoft from operating. However prior to version 9.6, the TIM installation script does use the bash shell. See new KB article TEC618037 for additional information. CA Layer 7 (API Gateway, Mobile Access Gateway, API Management Portal): Fixes for all Bash vulnerabilities and a security bulletin are available on the Layer 7 Support website. CA User Activity Reporting Module (Enterprise Log Manager): All 12.5 and 12.6 GA versions are potentially affected. Patches provided on 2014-09-30. To get the patch, use the OS update functionality to get the latest R12.6 SP1 subscription update. Note that you can update R12.5 SPx with the R12.6 SP1 OS update. For assistance, contact CA Support. Workaround None To help mitigate the risk, we do strongly encourage all customers to follow patch management best practices, and in particular for operating systems affected by the Bash Shellshock vulnerabilities. 
References CVE-2014-6271 - Bash environment variable command injection CVE-2014-7169 - Bash environment variable incomplete fix for CVE-2014-6271 CVE-2014-7186 - Bash parser redir_stack memory corruption CVE-2014-7187 - Bash nested flow control constructs off-by-one CVE-2014-6277 - Bash untrusted pointer use uninitialized memory CVE-2014-6278 - Bash environment variable command injection CA20141001-01: Security Notice for Bash Shellshock Vulnerability https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Change History v1.0: 2014-10-01, Initial Release v1.1: 2014-10-02, Added AuthMinder, Strong Authentication, VAIM, Clarity OD, All SaaS/OD products to list of Non-Affected Products. v1.2: 2014-10-03, Added RiskMinder to Non-Affected Products. Updated UARM solution info. If additional information is required, please contact CA Technologies Support at https://support.ca.com. If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at vuln@ca.com. PGP key: support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Security Notices https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Ken Williams Director, Product Vulnerability Response Team CA Technologies | One CA Plaza | Islandia, NY 11749 | www.ca.com Ken.Williams@ca.com | vuln@ca.com Copyright © 2014 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. 
Existing users may upgrade to HP OneView version 1.20 using the Update Appliance feature in HP OneView. Go to the HP Software Depot site at http://www.software.hp.com and search for HP OneView. ===================================================================== Red Hat Security Advisory Synopsis: Important: bash security update Advisory ID: RHSA-2014:1306-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1306.html Issue date: 2014-09-26 CVE Names: CVE-2014-7169 ===================================================================== 1. Summary: Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v.
6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169) Applications which directly create bash functions as environment variables need to be made aware of changes to the way names are handled by this update. For more information see the Knowledgebase article at https://access.redhat.com/articles/1200223 Note: Docker users are advised to use "yum update" within their containers, and to commit the resulting changes. All bash users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Package List: Red Hat Enterprise Linux Desktop (v. 
5 client): Source: bash-3.2-33.el5_11.4.src.rpm i386: bash-3.2-33.el5_11.4.i386.rpm bash-debuginfo-3.2-33.el5_11.4.i386.rpm x86_64: bash-3.2-33.el5_11.4.x86_64.rpm bash-debuginfo-3.2-33.el5_11.4.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: bash-3.2-33.el5_11.4.src.rpm i386: bash-3.2-33.el5_11.4.i386.rpm bash-debuginfo-3.2-33.el5_11.4.i386.rpm ia64: bash-3.2-33.el5_11.4.i386.rpm bash-3.2-33.el5_11.4.ia64.rpm bash-debuginfo-3.2-33.el5_11.4.i386.rpm bash-debuginfo-3.2-33.el5_11.4.ia64.rpm ppc: bash-3.2-33.el5_11.4.ppc.rpm bash-debuginfo-3.2-33.el5_11.4.ppc.rpm s390x: bash-3.2-33.el5_11.4.s390x.rpm bash-debuginfo-3.2-33.el5_11.4.s390x.rpm x86_64: bash-3.2-33.el5_11.4.x86_64.rpm bash-debuginfo-3.2-33.el5_11.4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: bash-4.1.2-15.el6_5.2.src.rpm i386: bash-4.1.2-15.el6_5.2.i686.rpm bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm x86_64: bash-4.1.2-15.el6_5.2.x86_64.rpm bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: bash-4.1.2-15.el6_5.2.src.rpm i386: bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm bash-doc-4.1.2-15.el6_5.2.i686.rpm x86_64: bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm bash-doc-4.1.2-15.el6_5.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: bash-4.1.2-15.el6_5.2.src.rpm x86_64: bash-4.1.2-15.el6_5.2.x86_64.rpm bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: bash-4.1.2-15.el6_5.2.src.rpm x86_64: bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm bash-doc-4.1.2-15.el6_5.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: bash-4.1.2-15.el6_5.2.src.rpm i386: bash-4.1.2-15.el6_5.2.i686.rpm bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm ppc64: bash-4.1.2-15.el6_5.2.ppc64.rpm bash-debuginfo-4.1.2-15.el6_5.2.ppc64.rpm s390x: bash-4.1.2-15.el6_5.2.s390x.rpm bash-debuginfo-4.1.2-15.el6_5.2.s390x.rpm x86_64: bash-4.1.2-15.el6_5.2.x86_64.rpm bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: bash-4.1.2-15.el6_5.2.src.rpm i386: bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm bash-doc-4.1.2-15.el6_5.2.i686.rpm ppc64: bash-debuginfo-4.1.2-15.el6_5.2.ppc64.rpm bash-doc-4.1.2-15.el6_5.2.ppc64.rpm s390x: bash-debuginfo-4.1.2-15.el6_5.2.s390x.rpm bash-doc-4.1.2-15.el6_5.2.s390x.rpm x86_64: bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm bash-doc-4.1.2-15.el6_5.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: bash-4.1.2-15.el6_5.2.src.rpm i386: bash-4.1.2-15.el6_5.2.i686.rpm bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm x86_64: bash-4.1.2-15.el6_5.2.x86_64.rpm bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: bash-4.1.2-15.el6_5.2.src.rpm i386: bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm bash-doc-4.1.2-15.el6_5.2.i686.rpm x86_64: bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm bash-doc-4.1.2-15.el6_5.2.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: bash-4.2.45-5.el7_0.4.src.rpm x86_64: bash-4.2.45-5.el7_0.4.x86_64.rpm bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm bash-doc-4.2.45-5.el7_0.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bash-4.2.45-5.el7_0.4.src.rpm x86_64: bash-4.2.45-5.el7_0.4.x86_64.rpm bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm bash-doc-4.2.45-5.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: bash-4.2.45-5.el7_0.4.src.rpm ppc64: bash-4.2.45-5.el7_0.4.ppc64.rpm bash-debuginfo-4.2.45-5.el7_0.4.ppc64.rpm s390x: bash-4.2.45-5.el7_0.4.s390x.rpm bash-debuginfo-4.2.45-5.el7_0.4.s390x.rpm x86_64: bash-4.2.45-5.el7_0.4.x86_64.rpm bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bash-debuginfo-4.2.45-5.el7_0.4.ppc64.rpm bash-doc-4.2.45-5.el7_0.4.ppc64.rpm s390x: bash-debuginfo-4.2.45-5.el7_0.4.s390x.rpm bash-doc-4.2.45-5.el7_0.4.s390x.rpm x86_64: bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm bash-doc-4.2.45-5.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bash-4.2.45-5.el7_0.4.src.rpm x86_64: bash-4.2.45-5.el7_0.4.x86_64.rpm bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-7169.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1200223 8. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04467807 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04467807 Version: 2 HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-09-30 Last Updated: 2014-11-11 Potential Security Impact: Remote code execution Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. 
NOTE: The vCAS product is vulnerable only if DHCP is enabled. References: CVE-2014-6271 CVE-2014-7169 SSRT101724 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. All vCAS versions prior to 14.10-38402 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following updates available to resolve the vulnerability in HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. Customers should upgrade their vCAS systems using the web UI or the "casupdate" command. There are also new VirtualBox and VMware ESX images available: - VMware ESX/ESXi image: https://h20529.www2.hp.com/apt/hp-rdacas-14.10-38402.ova - VirtualBox image: https://h20529.www2.hp.com/apt/hp-rdacas-14.10-38402-vbox.ova NOTE: - HP recommends to not power-down or disconnect the vCAS until the update is available. - The vCAS pulls down the latest updates from HP by using Ubuntus apt-get facility. - HP does not push updates out on to the vCAS so customers will have to be proactive and install the latest updates. Actions Required The DHCP exploit can be mitigated by ensuring that DHCP is disabled on the vCAS as detailed in MITIGATION INFORMATION below. Download updates by using a web browser: 1. Connect to the vCAS and login as hp-admin 2. Go to Tools -> Software Updates 3. 
Under "Manual Actions" select Check now and then upgrade now See HP Remote Device Access vCAS User Guide, Chapter 4, Software Updates for more details: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/action.pro cess/public/psi/manualsDisplay/?sp4ts.oid=4256914&javax.portlet.action=true&s pf_p.tpst=psiContentDisplay&javax.portlet.begCacheTok=com.vignette.cachetoken &spf_p.prp_psiContentDisplay=wsrp-interactionState%3DdocId%253Demr_na-c033816 86%257CdocLocale%253Den_US&javax.portlet.endCacheTok=com.vignette.cachetoken MITIGATION INFORMATION A Shellshock attack requires the definition of an environment variable introduced into Bash. The vCAS has three attack vectors: SSH, the lighttpd web server, and the DHCP client. - The exploit does not elevate privileges. The DHCP client uses Bash scripts and is vulnerable to Shellshock. The DHCP exploit can be mitigated by ensuring that DHCP is disabled on the vCAS. Note: HP strongly discourages the use of DHCP on the vCAS. The web UI forces the vCAS user to assign a static IP address and change the hp-admin password. A vCAS user must manually configure DHCP for use on the vCAS. A vCAS user can verify that DHCP is disabled by inspecting the file "/etc/network/interfaces" and ensuring that the "iface" line for device "eth0" is set for a static IP. Example of a static IP configuration: # The primary network interface auto eth0 iface eth0 inet static address 172.27.1.68 netmask 255.255.255.0 gateway 172.27.1.1 HISTORY Version:1 (rev.1) - 30 September 2014 Initial release Version:2 (rev.2) - 11 November 2014 Software updates available Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. 
For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Note: All versions of HP Thin Pro and HP Smart Zero Core operating systems prior to version 5.1.0 are affected by these vulnerabilities. Following is a complete list of affected operating systems and Hardware Platforms Affected. Product Affected Product Versions Patch Status HP ThinPro and HP Smart Zero Core (X86) v5.1.0 and above No update required; the Bash shell patch is incorporated into the base image. 
Note: If you participated in the ThinPro 5.1.0 beta program then upgrade to the release version as soon as it becomes available.

Product Affected: HP ThinPro and HP Smart Zero Core (x86)
Product Versions: v5.0.x
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-5.0-x86.xar. The update can also be downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (x86)
Product Versions: v4.4.x
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-x86.xar. The update can also be downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (ARM)
Product Versions: v4.4.x
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.4-arm.xar. The update can also be downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (X86)
Product Versions: v4.1, v4.2, and v4.3
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-x86.xar. The update can also be downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (ARM)
Product Versions: v4.1, v4.2, and v4.3
Patch Status: A component update is currently available through Easy Update as: SecurityUpdate-Shellshock-2.0-all-4.1-4.2-4.3-arm.xar. The update can also be downloaded directly from HP as part of softpaq sp69382 at the following address: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe

Product Affected: HP ThinPro and HP Smart Zero Core (X86)
Product Versions: v3.1, v3.2, and v3.3
Patch Status: Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_i386.deb

Product Affected: HP ThinPro and HP Smart Zero Core (ARM)
Product Versions: v3.1, v3.2, and v3.3
Patch Status: Download softpaq sp69382 from: ftp://ftp.hp.com/pub/softpaq/sp69001-69500/sp69382.exe which contains an update package as: bash_4.1-3+deb6u2_armel.deb
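
The vCAS mitigation earlier in this entry asks the user to confirm that the "iface" line for eth0 in /etc/network/interfaces is static. The script below is an added example, not HP's code, that automates that inspection; the helper names iface_methods and dhcp_disabled are hypothetical, and the DHCP sample file is constructed for contrast with the bulletin's static example.

```shell
#!/bin/sh
# Added example (not HP's code): confirm the DHCP mitigation from an
# ifupdown-style interfaces file. Helper names are hypothetical.

# Print "<family> <method>" for each "iface <dev> ..." line of device $2.
iface_methods() {
    awk -v dev="${2:-eth0}" '
        /^[[:space:]]*#/ { next }                  # skip comment lines
        $1 == "iface" && $2 == dev { print $3, $4 }
    ' "$1"
}

# 0: "inet static" present and no dhcp stanza; 1: dhcp in use;
# 2: no static stanza found, so the mitigation cannot be confirmed.
dhcp_disabled() {
    iface_methods "$1" "${2:-eth0}" | awk '
        $2 == "dhcp" { d = 1 }
        $1 == "inet" && $2 == "static" { s = 1 }
        END { exit (d ? 1 : (s ? 0 : 2)) }'
}

# Constructed sample inputs: the bulletin's static example and a DHCP variant.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/static" <<'EOF'
# The primary network interface
auto eth0
iface eth0 inet static
    address 172.27.1.68
    netmask 255.255.255.0
    gateway 172.27.1.1
EOF
cat > "$SAMPLES/dhcp" <<'EOF'
auto lo eth0
iface lo inet loopback
# iface eth0 inet static
iface eth0 inet dhcp
EOF

for f in static dhcp; do
    if dhcp_disabled "$SAMPLES/$f"; then
        echo "$f: eth0 is static, DHCP client not used"
    else
        echo "$f: eth0 is NOT confirmed static (status $?)"
    fi
done
```

On a real appliance the function would be pointed at /etc/network/interfaces; a status of 2 means the file has no static stanza for the device and needs manual review.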