26 September 2014
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0110 A vulnerability in GNU bash has been identified in Tenable Appliance 26 September 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Tenable Appliance Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2014-6271 CVE-2014-7169 Member content until: Sunday, October 26 2014 Reference: ESB-2014.1673 ESB-2014.1672 ESB-2014.1671 ESB-2014.1670 ESB-2014.1669 ESB-2014.1668 ESB-2014.1660 ESB-2014.1659 ESB-2014.1657 OVERVIEW A vulnerability in GNU bash has been identified in Tenable Appliance versions 2.4.1, 2.6.1, 2.6.2, 2.8.0, and 2.8.1.  IMPACT The vendor has provided the following details regarding this issue: "GNU bash contains a flaw that is triggered when evaluating environment variables passed from another environment. After processing a function definition, bash continues to process trailing strings. Via certain applications, a local or remote attacker may inject shell commands, allowing local privilege escalation or remote command execution depending on the application vector. The Tenable Appliance has been determined to be affected via the DHCP client that is run when configured to use DHCP for network configuration information on any interface. As of this advisory, this is the only known way to provide environment variables that would affect bash."  MITIGATION At present no patch is available to correct the issue, however Tenable has provided the following workaround/mitigation: "Tenable has determined a temporary workaround that mitigates both the base issue and attack variants. Until GNU provides a proper patch, Tenable recommends that DHCP temporarily be disabled. This can be done by following these steps: 1. Open the Appliance Web UI and login as an administrator 2. Navigate to the 'Networking' page 3. For any active interface, set 'Use DHCP' to 'No' 4. Configure a static IP address to access the Appliance 5. Unused interfaces should be left 'Disabled'"  REFERENCES  [R1] GNU bash 'Shellshock' Vulnerability Affects Tenable Appliance http://www.tenable.com/security/tns-2014-07 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: email@example.com Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVCTnTBLndAQH1ShLAQLBRg/9E/4vfcevTb3sfmUr5zO9bdQE8OhuBj/1 pubLXii62TG6E2OaRCQBWcCdFqnLrlIWcsbR0Nde7jK3X3JTq+mXtslDYugRQmb3 DPpxXlWAjQNLFy2PvAdpDQeZVLu64M0ym/XVCQUs9xQhZJ99IMYrr5mWd5+AwwQI yFTYiataLlAMm+PgR4iY76LX5ZHQ0HDUpZ+/PNg2WtU8xAR2oCwd46jGnL9ZcO6c fISRUjyvCWy7CWeVV0YamH0jLX/C05qYVDlBnFW+vZNElKdI+FHz1RfeEa4nc6Nf xPHG31Q7I/X5k5UhyQxG9W9QPduSy54qNQF6FTtPcMxIe7Zh8fjaqiINTBoSk8H4 yITjTrM85lRNI0/x3waaYJbBY1g8TzcYvXhmgUHmvoHEfrZYoPznquNp6FUT9LnU fnbjhPv541fXToB0JQ+/h+Eh92BSzliT2sniG2oZyN+dWypcgdsqD1lhdO2pxWbE 1rhlP62/7TFowkV5DkiVW6vV9EapI2tcjAccgUtYf655HbpMxUUL4BHBfJRe3xDp L/JYc//TpnIR7uAMDH7lwt8RC2RMwsRmRnKvrSZr8ytpdeSssVaF2F0GrjG0IK5N 0e1WN4c/sf5h+1c9XeWylFpDGEhnrVSEXNsJlct7FjZeeCqzztKDFLdJtMm/BIc8 yt3AMmZyqbA= =3K8v -----END PGP SIGNATURE-----