====== CVE-2014-6271 GNU bash Shell Multiple Vulnerabilities ======
Related CVE
  * CVE-2014-6271
  * CVE-2014-7169
  * CVE-2014-7186
  * CVE-2014-7187

===== Further Reading =====
  * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271]]
  * [[http://timhsu.chroot.org/2014/10/bash-shellshock.html|提姆大師 - BASH ShellShock 漏洞分析(非常詳細的一篇！)]]
  * [[http://devco.re/blog/2014/09/30/shellshock-CVE-2014-6271/|DevCore - Shellshock (Bash CVE-2014-6271) 威脅仍在擴大中，但無需過度恐慌]]
  * [[http://tdohacker.org/posts/234933-cve-2014-6271-vulnerability-more-serious-than-heartbleed|TDOHacker - 比HeartBleed Bug 更嚴重的漏洞]]
  * [[http://blog.longwin.com.tw/2014/09/cve-2014-6271-bash-remote-code-execution-2014/|Tsung-Hao Lee - CVE-2014-6271 - Bash 遠端執行的安全漏洞]]
  * [[http://seclists.org/oss-sec/2014/q3/650]]

===== About Networking Vendors =====
  * 查表前有幾個前提 Assumptions consistent before reading
    * 有些 Vendor 雖然有使用到出問題的 Bash，但是由於沒有觸發環境，故其並未受到影響
      * Some of product have using bash, but there were not trigger condition.
    * 部分 Vendor 產品非常的多，故只要有任一產品受影響即掛為 Yes
      * Some of vendor may had many product lines, any one of their product to be vulnerable, it will mark "Yes" in "Vulnerable" field.
    * 因為我只列網路相關產品，其管理介面並不同於使用者端，故我預設所有機器皆為固定 IP， DHCP 問題暫不予考慮
      * According to networking product lines characteristic, the management interface property different with end user environment, I suppose that all unit using static address, there are no DHCP at all.

^ Vendor      ^ Vulnerable     ^ Using Affected Bash ^ Announcement       ^ Announce Date ^
| A10  | No | Yes |[[https://www.a10networks.com/support-axseries/A10-Shellshock_Bash_CVE-2014-6271.pdf|A10 Support(login required)]] | 2014-09-27 |
| Arbor Networks | No | Yes | [[https://arbor.custhelp.com/app/answers/detail/a_id/2528|Internal Field(login required)]] | 2014-09-27 |
| Arista Networks | Yes | Yes | [[http://www.arista.com/en/support/security-advisories/1008-security-advisory-0006|Security Advisory]] | 2014-09-29 |
| Aruba Networks | No | Yes | [[http://www.arubanetworks.com/support/alerts/aid-09252014.txt|Aruba Alert]] | 2014-09-25 |
| Avaya | Yes | Yes | [[https://support.avaya.com/helpcenter/getGenericDetails?detailId=C2014926131554370002|Avaya Security Advisories]] | 2014-10-01|
| BlueCoat  | Yes | Yes | [[https://kb.bluecoat.com/index?page=content&id=SA82|BlueCoat KB]] | 2014-09-25 |
| Brocade | Yes | Yes | [[http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-bashabug-vulnerability.pdf|Brocade]] | 2014-09-29 |
| Cellopoint | No | Yes | [[http://www.cellopoint.com/tw/media_resources/news/20140930|Cellopoint News]] | 2014-09-30 |
| CheckPoint | No | Yes | [[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673|CheckPoint]] | 2014-09-25 |
| Cisco | Yes | Yes | [[http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash|Cisco]] | 2014-09-26 |
| Dlink | Being Confirmed…  || | |
| Enterasys (Part of Extreme) | Yes | Yes | [[http://learn.extremenetworks.com/rs/extreme/images/VN-2014-001-%20GNU%20Bash%20Threats%20-CVE-2014-7169%20rev01.pdf/|Extreme eSupport]] | 2014-09-25 |
| Extreme Networks | No | No | [[http://learn.extremenetworks.com/rs/extreme/images/VN-2014-001-%20GNU%20Bash%20Threats%20-CVE-2014-7169%20rev01.pdf/|Extreme eSupport]] | 2014-09-25 |
| F5 | Yes | Yes | [[http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html|F5]] | 2014-09-25 |
| FireEye | Yes | Yes | [[http://www.fireeye.com/support/support-notices.html|FireEye]] | 2014-09-25 |
| Fortinet | Yes | Yes | [[http://www.fortiguard.com/advisory/FG-IR-14-030/|FortiGuard]] | 2014-09-25 |
| iMPERVA | No | Yes | [[http://www.imperva.com/services/adc_advisories_response_shellshock_CVE_2014_6271| iMPERVA]] | 2014-09-25 |
| Juniper | Yes | Yes | [[http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS|Juniper KB]]  | 2014-09-25 |
| McAfee | Yes | Yes | [[https://kc.mcafee.com/corporate/index?page=content&id=SB10085|McAfee]] | 2014-09-29 | 
| NetAxle | No | Yes | Response from vendor | -- |
| Palo Alto | No | Yes | [[https://securityadvisories.paloaltonetworks.com/|Palo Alto]] | 2014-09-24 |
| Radware | Yes | Yes | [[http://security.radware.com/SiteCode/Templates/template_1_1_2%282x1%29_1.aspx?pageid=105&id=620|Emergency Response]] | 2014-09-26 |
| Ruckus Wireless | Yes | Yes | [[http://www.ruckuswireless.com/security|Ruckus Security]] | 2014-09-29 |
| Silver Peak | No | Yes | Internal Document | 2014-09-24 |
| Sophers | No | Yes | [[http://www.sophos.com/en-us/support/knowledgebase/121444.aspx|Sophers]] | 2014-09-29 |
| Sourcefire (Part of Cisco) | | | Check Cisco | |
| Splunk | Yes | Yes | [[http://www.splunk.com/view/SP-CAAANJN| Splunk Answers ]]  | 2014-09-29 |
| TippingPoint | Yes(Only NGFW) | Yes | Internal Document | 2014-09-30 |
| VMware | Yes | Yes | [[http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740|VMware KB]] | 2014-09-26 |
| Websense | No | Yes | [[http://www.websense.com/support/article/kbarticle/BASH-Shellshock-CVE-2014-6271|Websense ]] | 2014-09-25 |

===== Best Practices =====
  * To be continued...