| 下次修改 | 前次修改
|
| cve:cve-2014-6271 [2014/09/30 09:23] – 建立 jal | cve:cve-2014-6271 [2014/10/16 09:43] (目前版本) – jal |
|---|
| * CVE-2014-7186 | * CVE-2014-7186 |
| * CVE-2014-7187 | * CVE-2014-7187 |
| | |
| | ===== Further Reading ===== |
| | * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271]] |
| | * [[http://timhsu.chroot.org/2014/10/bash-shellshock.html|提姆大師 - BASH ShellShock 漏洞分析(非常詳細的一篇!)]] |
| | * [[http://devco.re/blog/2014/09/30/shellshock-CVE-2014-6271/|DevCore - Shellshock (Bash CVE-2014-6271) 威脅仍在擴大中,但無需過度恐慌]] |
| | * [[http://tdohacker.org/posts/234933-cve-2014-6271-vulnerability-more-serious-than-heartbleed|TDOHacker - 比HeartBleed Bug 更嚴重的漏洞]] |
| | * [[http://blog.longwin.com.tw/2014/09/cve-2014-6271-bash-remote-code-execution-2014/|Tsung-Hao Lee - CVE-2014-6271 - Bash 遠端執行的安全漏洞]] |
| | * [[http://seclists.org/oss-sec/2014/q3/650]] |
| |
| ===== About Networking Vendors ===== | ===== About Networking Vendors ===== |
| ^ Vendor ^ Affected ^ Announcement ^ Announce Date ^ | * 查表前有幾個前提 Assumptions consistent before reading |
| | A10 | Yes |[[https://www.a10networks.com/support-axseries/A10-Shellshock_Bash_CVE-2014-6271.pdf|External link at A10 (login required)]] | 2014-09-27 | | * 有些 Vendor 雖然有使用到出問題的 Bash,但是由於沒有觸發環境,故其並未受到影響 |
| | Arbor Networks | No | [[https://arbor.custhelp.com/app/answers/detail/a_id/2528|Internal Field Notification Only (login required)]] | 2014-09-27 | | * Some of product have using bash, but there were not trigger condition. |
| | Aruba Networks | Yes | [[http://www.arubanetworks.com/support/alerts/aid-09252014.txt|External Document at Aruba Alert]] | 2014-09-25 | | * 部分 Vendor 產品非常的多,故只要有任一產品受影響即掛為 Yes |
| | BlueCoat | Yes | [[https://kb.bluecoat.com/index?page=content&id=SA82|External link at BlueCoat KB]] | 2014-09-25 | | * Some of vendor may had many product lines, any one of their product to be vulnerable, it will mark "Yes" in "Vulnerable" field. |
| | Brocade | Yes | [[http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-bashabug-vulnerability.pdf|External link at Brocade]] | 2014-09-29 | | * 因為我只列網路相關產品,其管理介面並不同於使用者端,故我預設所有機器皆為固定 IP, DHCP 問題暫不予考慮 |
| | CheckPoint | Yes | [[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673|External link at CheckPoint]] | 2014-09-25 | | * According to networking product lines characteristic, the management interface property different with end user environment, I suppose that all unit using static address, there are no DHCP at all. |
| | Cisco | Yes | [[http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash|External link at Cisco]] | 2014-09-26 | | |
| | Dlink | Being Confirmed… | | | | ^ Vendor ^ Vulnerable ^ Using Affected Bash ^ Announcement ^ Announce Date ^ |
| | Enterasys (Part of Extreme) | Being Confirmed… | | | | | A10 | No | Yes |[[https://www.a10networks.com/support-axseries/A10-Shellshock_Bash_CVE-2014-6271.pdf|A10 Support(login required)]] | 2014-09-27 | |
| | Extreme Networks | Yes | [[http://learn.extremenetworks.com/rs/extreme/images/VN-2014-001-%20GNU%20Bash%20Threats%20-CVE-2014-7169%20rev01.pdf/|External link at Extreme]] | 2014-09-25 | | | Arbor Networks | No | Yes | [[https://arbor.custhelp.com/app/answers/detail/a_id/2528|Internal Field(login required)]] | 2014-09-27 | |
| | F5 | Yes | [[http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html|External link at F5]] | 2014-09-25 | | | Arista Networks | Yes | Yes | [[http://www.arista.com/en/support/security-advisories/1008-security-advisory-0006|Security Advisory]] | 2014-09-29 | |
| | FireEye | Yes | [[http://www.fireeye.com/support/support-notices.html|External link at FireEye]] | 2014-09-25 | | | Aruba Networks | No | Yes | [[http://www.arubanetworks.com/support/alerts/aid-09252014.txt|Aruba Alert]] | 2014-09-25 | |
| | Fortinet | Yes | [[http://www.fortiguard.com/advisory/FG-IR-14-030/|External link at FortiGuard]] | 2014-09-25 | | | Avaya | Yes | Yes | [[https://support.avaya.com/helpcenter/getGenericDetails?detailId=C2014926131554370002|Avaya Security Advisories]] | 2014-10-01| |
| | iMPERVA | No | [[http://www.imperva.com/services/adc_advisories_response_shellshock_CVE_2014_6271| External link at iMPERVA]] | 2014-09-25 | | | BlueCoat | Yes | Yes | [[https://kb.bluecoat.com/index?page=content&id=SA82|BlueCoat KB]] | 2014-09-25 | |
| | Juniper | Yes | [[http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS|External link at Juniper KB]] | 2014-09-25 | | | Brocade | Yes | Yes | [[http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-bashabug-vulnerability.pdf|Brocade]] | 2014-09-29 | |
| | McAfee | Yes | [[https://kc.mcafee.com/corporate/index?page=content&id=SB10085|External link at McAfee]] | 2014-09-29 | | | Cellopoint | No | Yes | [[http://www.cellopoint.com/tw/media_resources/news/20140930|Cellopoint News]] | 2014-09-30 | |
| | NetAxle | Being Confirmed… | [[http://www.netaxle.com.tw/|External link at NetAxle]] | -- | | | CheckPoint | No | Yes | [[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673|CheckPoint]] | 2014-09-25 | |
| | Palo Alto | Yes | [[https://securityadvisories.paloaltonetworks.com/|External link at Palo Alto]] | 2014-09-24 | | | Cisco | Yes | Yes | [[http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash|Cisco]] | 2014-09-26 | |
| | Ruckus Wireless | Being Confirmed… | [[http://www.ruckuswireless.com/security| External link at Ruckus Security]] | -- | | | Dlink | Being Confirmed… || | | |
| | Sophers | No | [[http://www.sophos.com/en-us/support/knowledgebase/121444.aspx|External link at Sophers]] | 2014-09-29 | | | Enterasys (Part of Extreme) | Yes | Yes | [[http://learn.extremenetworks.com/rs/extreme/images/VN-2014-001-%20GNU%20Bash%20Threats%20-CVE-2014-7169%20rev01.pdf/|Extreme eSupport]] | 2014-09-25 | |
| | Sourcefire (Part of Cisco) | | Check Cisco | | | | Extreme Networks | No | No | [[http://learn.extremenetworks.com/rs/extreme/images/VN-2014-001-%20GNU%20Bash%20Threats%20-CVE-2014-7169%20rev01.pdf/|Extreme eSupport]] | 2014-09-25 | |
| | Splunk | Yes | [[http://www.splunk.com/view/SP-CAAANJN| External link at Splunk Answers ]] | 2014-09-29 | | | F5 | Yes | Yes | [[http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html|F5]] | 2014-09-25 | |
| | TippingPoint | Being Confirmed… | [[https://tmc.tippingpoint.com/TMC/library/announcements/|TMC]] | -- | | | FireEye | Yes | Yes | [[http://www.fireeye.com/support/support-notices.html|FireEye]] | 2014-09-25 | |
| | VMware | Yes | [[http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740|External link at VMware KB]] | 2014-09-26 | | | Fortinet | Yes | Yes | [[http://www.fortiguard.com/advisory/FG-IR-14-030/|FortiGuard]] | 2014-09-25 | |
| | Websense | No | [[http://www.websense.com/support/article/kbarticle/BASH-Shellshock-CVE-2014-6271|External link at Websense ]] | 2014-09-25 | | | iMPERVA | No | Yes | [[http://www.imperva.com/services/adc_advisories_response_shellshock_CVE_2014_6271| iMPERVA]] | 2014-09-25 | |
| | | Juniper | Yes | Yes | [[http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS|Juniper KB]] | 2014-09-25 | |
| | | McAfee | Yes | Yes | [[https://kc.mcafee.com/corporate/index?page=content&id=SB10085|McAfee]] | 2014-09-29 | |
| | | NetAxle | No | Yes | Response from vendor | -- | |
| | | Palo Alto | No | Yes | [[https://securityadvisories.paloaltonetworks.com/|Palo Alto]] | 2014-09-24 | |
| | | Radware | Yes | Yes | [[http://security.radware.com/SiteCode/Templates/template_1_1_2%282x1%29_1.aspx?pageid=105&id=620|Emergency Response]] | 2014-09-26 | |
| | | Ruckus Wireless | Yes | Yes | [[http://www.ruckuswireless.com/security|Ruckus Security]] | 2014-09-29 | |
| | | Silver Peak | No | Yes | Internal Document | 2014-09-24 | |
| | | Sophers | No | Yes | [[http://www.sophos.com/en-us/support/knowledgebase/121444.aspx|Sophers]] | 2014-09-29 | |
| | | Sourcefire (Part of Cisco) | | | Check Cisco | | |
| | | Splunk | Yes | Yes | [[http://www.splunk.com/view/SP-CAAANJN| Splunk Answers ]] | 2014-09-29 | |
| | | TippingPoint | Yes(Only NGFW) | Yes | Internal Document | 2014-09-30 | |
| | | VMware | Yes | Yes | [[http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740|VMware KB]] | 2014-09-26 | |
| | | Websense | No | Yes | [[http://www.websense.com/support/article/kbarticle/BASH-Shellshock-CVE-2014-6271|Websense ]] | 2014-09-25 | |
| |
| ===== Best Practices ===== | ===== Best Practices ===== |
| * | * To be continued... |
| |
| ===== Further Reading ===== | |
| * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271]] | |
| * [[http://tdohacker.org/posts/234933-cve-2014-6271-vulnerability-more-serious-than-heartbleed|比HeartBleed Bug 更嚴重的漏洞]] | |
| * [[http://blog.longwin.com.tw/2014/09/cve-2014-6271-bash-remote-code-execution-2014/|CVE-2014-6271 - Bash 遠端執行的安全漏洞]] | |
| * [[http://seclists.org/oss-sec/2014/q3/650]] | |
| |
| |