這是本文件的舊版!
目錄表
CVE-2014-6271 GNU bash Shell Multiple Vulnerabilities
Related CVE
- CVE-2014-6271
- CVE-2014-7169
- CVE-2014-7186
- CVE-2014-7187
Further Reading
About Networking Vendors
- 查表前有幾個前提 Assumptions consistent before reading
- 有些 Vendor 雖然有使用到出問題的 Bash,但是由於沒有觸發環境,故其並未受到影響
- Some of product have using bash, but there were not trigger condition.
- 部分 Vendor 產品非常的多,故只要有任一產品受影響即掛為 Yes
- Some of vendor may had many product lines, any one of their product to be vulnerable, it will mark “Yes” in “Vulnerable” field.
- 因為我只列網路相關產品,其管理介面並不同於使用者端,故我預設所有機器皆為固定 IP, DHCP 問題不予考慮
- According to networking product lines characteristic, the management interface property different with end user environment, I suppose that all unit using static address, there are no DHCP at all.
| Vendor | Vulnerable | Using Affected Bash | Announcement | Announce Date |
|---|---|---|---|---|
| A10 | No | Yes | A10 Support(login required) | 2014-09-27 |
| Arbor Networks | No | Yes | Internal Field(login required) | 2014-09-27 |
| Arista Networks | Yes | Yes | Security Advisory | 2014-09-29 | | Aruba Networks | No | Yes | [[http://www.arubanetworks.com/support/alerts/aid-09252014.txt|Aruba Alert | 2014-09-25 |
| BlueCoat | Yes | Yes | BlueCoat KB | 2014-09-25 |
| Brocade | Yes | Yes | Brocade | 2014-09-29 |
| CheckPoint | No | Yes | CheckPoint | 2014-09-25 |
| Cisco | Yes | Yes | Cisco | 2014-09-26 |
| Dlink | Being Confirmed… | |||
| Enterasys (Part of Extreme) | Yes | Yes | Extreme eSupport | 2014-09-25 |
| Extreme Networks | No | No | Extreme eSupport | 2014-09-25 |
| F5 | Yes | Yes | F5 | 2014-09-25 |
| FireEye | Yes | Yes | FireEye | 2014-09-25 |
| Fortinet | Yes | Yes | FortiGuard | 2014-09-25 |
| iMPERVA | No | Yes | iMPERVA | 2014-09-25 |
| Juniper | Yes | Yes | Juniper KB | 2014-09-25 |
| McAfee | Yes | Yes | McAfee | 2014-09-29 |
| NetAxle | Being Confirmed… | NetAxle | – | |
| Palo Alto | No | Yes | Palo Alto | 2014-09-24 |
| Ruckus Wireless | Being Confirmed… | Ruckus Security | – | |
| Sophers | No | Yes | Sophers | 2014-09-29 |
| Sourcefire (Part of Cisco) | Check Cisco | |||
| Splunk | Yes | Yes | Splunk Answers | 2014-09-29 |
| TippingPoint | Being Confirmed… | TMC | – | |
| VMware | Yes | Yes | VMware KB | 2014-09-26 |
| Websense | No | Yes | Websense | 2014-09-25 |
Best Practices
- To be continued…