-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0110
   A vulnerability in GNU bash has been identified in Tenable Appliance
                             26 September 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Appliance
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-6271 CVE-2014-7169 
Member content until: Sunday, October 26 2014
Reference:            ESB-2014.1673
                      ESB-2014.1672
                      ESB-2014.1671
                      ESB-2014.1670
                      ESB-2014.1669
                      ESB-2014.1668
                      ESB-2014.1660
                      ESB-2014.1659
                      ESB-2014.1657

OVERVIEW

        A vulnerability in GNU bash has been identified in Tenable Appliance
        versions 2.4.1, 2.6.1, 2.6.2, 2.8.0, and 2.8.1. [1]


IMPACT

        The vendor has provided the following details regarding this issue:
        
        "GNU bash contains a flaw that is triggered when evaluating 
        environment variables passed from another environment. After 
        processing a function definition, bash continues to process trailing
        strings. Via certain applications, a local or remote attacker may 
        inject shell commands, allowing local privilege escalation or remote
        command execution depending on the application vector.
        
        The Tenable Appliance has been determined to be affected via the 
        DHCP client that is run when configured to use DHCP for network 
        configuration information on any interface. As of this advisory, 
        this is the only known way to provide environment variables that 
        would affect bash." [1]
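
        The following check is an added example and is not part of this
        bulletin or of Tenable's advisory [1]. It runs the widely published
        test strings for CVE-2014-6271 and CVE-2014-7169 against a bash
        binary, passing each payload in an environment variable named the
        way ISC dhclient hands DHCP option values to dhclient-script
        (new_domain_name). That naming mirrors the vector Tenable describes
        but is an assumption about the appliance's DHCP client, which the
        advisory does not name.

```shell
#!/bin/sh
# Added example, not code from the AusCERT bulletin or from Tenable.
# Tests a bash binary for the two Shellshock CVEs named in the bulletin.
# The variable name new_domain_name is how ISC dhclient exports the DHCP
# domain-name option to dhclient-script (assumption about the appliance's
# DHCP client; the advisory does not name it).  The payloads are the
# published CVE-2014-6271 and CVE-2014-7169 test strings.

# CVE-2014-6271: bash imports "() { ...}" from the environment as a function
# definition and then executes whatever trails the closing brace.
check_6271() {
    bash_bin=$1
    out=$(env "new_domain_name=() { :;}; echo SHELLSHOCK_MARKER" \
          "$bash_bin" -c 'true' 2>/dev/null || true)
    case "$out" in
        *SHELLSHOCK_MARKER*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# CVE-2014-7169: after the first fix the parser still mishandled an
# unbalanced redirection in the definition, so the next command word
# ("echo") becomes a file name.  Run in a scratch directory and look for it.
check_7169() {
    bash_bin=$1
    scratch=$(mktemp -d) || return 1
    ( cd "$scratch" && env 'new_domain_name=() { (a)=>\' \
        "$bash_bin" -c 'echo date' >/dev/null 2>&1 ) || true
    if [ -f "$scratch/echo" ]; then result=vulnerable; else result=patched; fi
    rm -rf "$scratch"
    echo "$result"
}

# Prints one word: vulnerable, patched, or missing (no executable at path).
shellshock_check() {
    bash_bin=${1:-/bin/bash}
    if [ ! -x "$bash_bin" ]; then
        echo missing
        return 0
    fi
    if [ "$(check_6271 "$bash_bin")" = vulnerable ] || \
       [ "$(check_7169 "$bash_bin")" = vulnerable ]; then
        echo vulnerable
    else
        echo patched
    fi
}

shellshock_check "${1:-/bin/bash}"
```

        Run it on the host whose bash you want to verify. A result of
        patched only shows that these two strings are handled; it says
        nothing about whether a network-facing service still passes
        attacker-controlled data into a bash environment, which is the
        condition the DHCP workaround below removes.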


MITIGATION

        At present no patch is available to correct the issue; however, 
        Tenable has provided the following workaround:
        
        "Tenable has determined a temporary workaround that mitigates both 
        the base issue and attack variants. Until GNU provides a proper 
        patch, Tenable recommends that DHCP temporarily be disabled. This 
        can be done by following these steps:
        
        1. Open the Appliance Web UI and log in as an administrator 
        2. Navigate to the 'Networking' page 
        3. For any active interface, set 'Use DHCP' to 'No' 
        4. Configure a static IP address to access the Appliance 
        5. Unused interfaces should be left 'Disabled'" [1]


REFERENCES

        [1] GNU bash 'Shellshock' Vulnerability Affects Tenable Appliance
            http://www.tenable.com/security/tns-2014-07

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----