Showing results for 
Search instead for 
Did you mean: 

informacast shellshock vulnerability

Chester Rieman
Level 1
Level 1

Looks like informacast is vulnerable:

admin@singlewire:~$ uname  -a
Linux singlewire 2.6.32-5-686 #1 SMP Sun Sep 23 09:49:36 UTC 2012 i686 GNU/Linux

admin@singlewire:/$ bash --version
GNU bash, version 3.2.39(1)-release (i486-pc-linux-gnu)

admin@singlewire:~$ env X="() { :;} ; echo busted" `which bash` -c "echo completed"

Many users may still have the default password set for the admin cli account as well.


Tried to fix  but need root:

admin@singlewire:~$ sudo apt-get install --only-upgrade bash

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for admin:
Sorry, user admin is not allowed to execute '/usr/bin/apt-get install --only-upgrade bash' as root on singlewire.


Have a case open with TAC - will be interesting to see how this will get addressed  :-)




3 Replies 3

Level 1
Level 1

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at

An INTERIM Cisco Security Advisory was published on September 25th, 2014 and is available at the following URL:

The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.


Any Updates - I have not heard back from singlewire as to when/how they will address this issue.

You can read our official statement about shellshock.

You can download the shellshock update for InformaCast 9.0.2 from or

 - Jerry