CVE-2014-6271 GNU bash Shell Multiple Vulnerabilities

Related CVE

  • CVE-2014-6271
  • CVE-2014-7169
  • CVE-2014-7186
  • CVE-2014-7187

Further Reading

About Networking Vendors

  • 查表前有幾個前提 Assumptions consistent before reading
    • 有些 Vendor 雖然有使用到出問題的 Bash,但是由於沒有觸發環境,故其並未受到影響
      • Some of product have using bash, but there were not trigger condition.
    • 部分 Vendor 產品非常的多,故只要有任一產品受影響即掛為 Yes
      • Some of vendor may had many product lines, any one of their product to be vulnerable, it will mark “Yes” in “Vulnerable” field.
    • 因為我只列網路相關產品,其管理介面並不同於使用者端,故我預設所有機器皆為固定 IP, DHCP 問題暫不予考慮
      • According to networking product lines characteristic, the management interface property different with end user environment, I suppose that all unit using static address, there are no DHCP at all.
Vendor Vulnerable Using Affected Bash Announcement Announce Date
A10 No Yes A10 Support(login required) 2014-09-27
Arbor Networks No Yes Internal Field(login required) 2014-09-27
Arista Networks Yes Yes Security Advisory 2014-09-29
Aruba Networks No Yes Aruba Alert 2014-09-25
Avaya Yes Yes Avaya Security Advisories 2014-10-01
BlueCoat Yes Yes BlueCoat KB 2014-09-25
Brocade Yes Yes Brocade 2014-09-29
Cellopoint No Yes Cellopoint News 2014-09-30
CheckPoint No Yes CheckPoint 2014-09-25
Cisco Yes Yes Cisco 2014-09-26
Dlink Being Confirmed…
Enterasys (Part of Extreme) Yes Yes Extreme eSupport 2014-09-25
Extreme Networks No No Extreme eSupport 2014-09-25
F5 Yes Yes F5 2014-09-25
FireEye Yes Yes FireEye 2014-09-25
Fortinet Yes Yes FortiGuard 2014-09-25
iMPERVA No Yes iMPERVA 2014-09-25
Juniper Yes Yes Juniper KB 2014-09-25
McAfee Yes Yes McAfee 2014-09-29
NetAxle No Yes Response from vendor
Palo Alto No Yes Palo Alto 2014-09-24
Radware Yes Yes Emergency Response 2014-09-26
Ruckus Wireless Yes Yes Ruckus Security 2014-09-29
Silver Peak No Yes Internal Document 2014-09-24
Sophers No Yes Sophers 2014-09-29
Sourcefire (Part of Cisco) Check Cisco
Splunk Yes Yes Splunk Answers 2014-09-29
TippingPoint Yes(Only NGFW) Yes Internal Document 2014-09-30
VMware Yes Yes VMware KB 2014-09-26
Websense No Yes Websense 2014-09-25

Best Practices

  • To be continued…
cve/cve-2014-6271.txt · 上一次變更: 2014/10/16 09:43 由 jal
上一頁 | 下一頁 | 回首頁 | RSS Feed | Facebook