cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
652
Views
0
Helpful
3
Replies
Chester Rieman
Beginner

informacast shellshock vulnerability

Looks like informacast is vulnerable:

admin@singlewire:~$ uname  -a
Linux singlewire 2.6.32-5-686 #1 SMP Sun Sep 23 09:49:36 UTC 2012 i686 GNU/Linux

admin@singlewire:/$ bash --version
GNU bash, version 3.2.39(1)-release (i486-pc-linux-gnu)

admin@singlewire:~$ env X="() { :;} ; echo busted" `which bash` -c "echo completed"
busted
completed


Many users may still have the default password set for the admin cli account as well.

 

Tried to fix  but need root:

admin@singlewire:~$ sudo apt-get install --only-upgrade bash

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for admin:
Sorry, user admin is not allowed to execute '/usr/bin/apt-get install --only-upgrade bash' as root on singlewire.

 

Have a case open with TAC - will be interesting to see how this will get addressed  :-)

 

 

 

3 REPLIES 3
jsteinhauer
Beginner

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

An INTERIM Cisco Security Advisory was published on September 25th, 2014 and is available at the following URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

 

Any Updates - I have not heard back from singlewire as to when/how they will address this issue.

You can read our official statement about shellshock.

You can download the shellshock update for InformaCast 9.0.2 from singlewire.com or cisco.com.

 - Jerry

Content for Community-Ad

Spotlight Awards 2021