10-26-2014 09:59 PM - edited 03-14-2019 02:02 PM
Where would I find a chart/list which maps the UCCX version to Red Hat Linux version?
Thanks
10-27-2014 12:28 AM
Hi,
why are you interested in that?
Technically, UCCX is a "black box", from the user's perspective it's not necessary (or advisable) to touch the operating system. Yes, we do know it's Red Hat but it's just a useless fact. Yes, I know one can get root access and start bash (or just anything) but it's kind of risky.
G.
10-27-2014 01:36 AM
Since the Linux bash vulnerability (ShellShock) issue, Red Hat have released a lot of security issues associated with the different versions of RHEL (e.g. kernel, ssl, krb5, poodle, etc - there have been 25 different "modules" affected in the last 2 months), even though it's a "black box", we need to evaluate the possible security issue/s that could occur with the different versions of UCCX.
I have been raising Cases with Cisco to try to understand the possible security implications for each version of UCCX (e.g. if the issue is on RHEL 6.2 only, it would only affect UCCX version X), but it depends on how good the support person is as to how long it takes to get an answer.
Rgds, Terry
10-27-2014 02:51 AM
I see.
Well, Cisco does not like to give out this information officially and I can understand that. Can you tell me your exact UCCX version and I will try to ask around about the specific RH version, although I cannot guarrantee I'm able to get the answer.
Speaking of the ShellShock issue, I believe it's a bit overhyped. No sane programmer would ever use bash (or run a shell command or a program via shell) from a user interfacing application (for instance, a web page).
Anyway, there is a bug (https://tools.cisco.com/bugsearch/bug/CSCur02861) open for evaluating the impact and there's already a patch released (on 17th October) so if you are lucky to have a supported version, you should probably apply that patch.
G.
10-27-2014 04:30 PM
Hi G,
Thanks
Well, Cisco does not like to give out this information officially and I can understand that. Can you tell me your exact UCCX version and I will try to ask around about the specific RH version, although I cannot guarrantee I'm able to get the answer.
They will be the same versions as per ShellShock link https://tools.cisco.com/bugsearch/bug/CSCur02861
Speaking of the ShellShock issue, I believe it's a bit overhyped. No sane programmer would ever use bash (or run a shell command or a program via shell) from a user interfacing application (for instance, a web page).
Agreed, but it's not the answer that customers accept, especially those in the financial sector
Anyway, there is a bug (https://tools.cisco.com/bugsearch/bug/CSCur02861) open for evaluating the impact and there's already a patch released (on 17th October) so if you are lucky to have a supported version, you should probably apply that patch.
Ahh, the "ShellShock" link that still shows
Known Fixed Releases: | (0) |
and the associated link takes one to their Download Software home page
Rgds,
Terry
10-28-2014 12:26 AM
No need to post here as my support case provided the information I needed. I can provide the details if others want it
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide