Shellshock exploit targeting email gateways (ESAs)

Anshul Sinha · ‎10-27-2014

Could you please review the attack vector described in the below article:

https://www.binarydefense.com/bds/active-shellshock-smtp-botnet-campaign/

An active botnet is targeting email gateways by adding scripts in email fields like to, from, body etc.

A vulnerable gateway will execute these scripts and download malware and make the gateway part of another botnet.

Can you please let us know if our ESAs are good enough on these attacks?

Robert Sherwin · ‎10-27-2014

Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Please refer to the expanded "Affected Products" for details on our products.

Products Confirmed Not Vulnerable

The following Cisco products have been analyzed and are not affected by this vulnerability:

Cisco IOS
Cisco IronPort ESA/SMA
Cisco Private Internet eXchange (PIX)
Cisco Sourcefire Defense Center and Sensor products

Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:

http://www.cisco.com/go/psirt

Cheers,
Robert Sherwin