DX NetOps

  • 1.  Shellshock Vulnerability – CA Spectrum

    Posted Oct 08, 2014 03:40 PM

    Shellshock vulnerability is a widely known vulnerability within the bash shell for Unix, Linux and Cygwin Windows environments.

    Related NVD - CVE-2014-6271.

     

    Later CVEs also included are:

    CVE-2014-7169

    CVE-2014-7186

    CVE-2014-7187

    CVE-2014-6277

    CVE-2014-6278

     

    Use the following command to test for the vulnerability CVE-2014-6271:

    x='() { :;}; echo vulnerable' bash -c "echo done running"

    If you see "Vulnerable" and "Done running", your bash shell is vulnerable to CVE-2014-6271.

     

    If you only see "Done running", then your bash is not vulnerable.

     

    There are further tests for the other CVEs; please see your system admin for assistance with those tests.

    Solution:

     

    Each operating system has a different solution to update the bash shell.

     

    For Solaris:

    Please see the following Document ID from Oracle:  1930090.1

     

    An Oracle Support account is required to obtain these patches from Oracle.

     

    Link:  https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=282078587706337&id=1930090.1&_afrWindowMode=0&_adf.ctrl-state=l3k69dgjq_4

     

    For Linux:

    See the article from Red Hat here for further details on the fixes and testing for all vulnerabilities.

     

    https://access.redhat.com/articles/1200223

    This will require a Red Hat subscription.

     

    At the command prompt, as a sudo user, type:  sudo yum update bash

    Or as root type: yum update bash

     

     

    For Windows:

    This will require a patch from CA to fix the Cygwin Bash shell that is shipped with all releases of Spectrum including 9.2.x, 9.3.x, and 9.4.x.

     

    The respective patch numbers to obtain are:

    09.02.00.PTF_9.2.030

    09.03.00.PTF_9.3.007

    09.04.00.PTF_9.4.006

     

    The patches can be obtained here:

    http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/technical-document-index/ca-spectrum-infrastructure-manager-solutions-patches-index.aspx

     

    Click on your respective product version and you will see the above patches listed.

    This patch will be available for 9.2, 9.3, and 9.4.  9.1 customers should upgrade to a supported release.

     

    There is no minimum hotfix level required.  This patch will install on any version for that major release.

    If there are any concerns or questions, please contact CA Support.
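The probe above is the classic CVE-2014-6271 check: an exported variable whose value looks like a bash function definition with a command appended after the closing brace. The following script is an added example, not part of the original post or of CA's patch material; it wraps that same probe in POSIX sh functions that return a machine-readable verdict, so the check can be run on many hosts before and after "yum update bash" or the Cygwin patch. The function names and the "patched/vulnerable/inconclusive" verdict words are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original thread): wraps the CVE-2014-6271 probe
# from the post so it yields a machine-readable verdict for fleet-wide checks.

# Run the exact probe the post uses. A vulnerable bash executes the trailing
# "echo vulnerable" while importing the function from the environment; a
# patched bash only runs the command given to -c.
run_shellshock_probe() {
    x='() { :;}; echo vulnerable' bash -c "echo done running" 2>/dev/null
}

# Turn captured probe output into one of three verdicts.
# The "vulnerable" pattern is tested first because a vulnerable bash prints
# both lines.
classify_probe_output() {
    case "$1" in
        *vulnerable*)      echo "vulnerable" ;;
        *"done running"*)  echo "patched" ;;
        *)                 echo "inconclusive" ;;   # bash missing or probe failed
    esac
}

# Full check: prints the verdict and exits 0 only when bash is patched.
check_cve_2014_6271() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "inconclusive"
        return 2
    fi
    verdict=$(classify_probe_output "$(run_shellshock_probe)")
    echo "$verdict"
    [ "$verdict" = "patched" ]
}

# Report the bash version alongside the verdict, which is what you want to
# record when collecting results across hosts.
report() {
    printf 'bash: %s\n' "$(bash --version 2>/dev/null | head -n 1)"
    printf 'CVE-2014-6271: %s\n' "$(check_cve_2014_6271)"
}

report
```

Run it as-is on a host to get a two-line report; the exit status of check_cve_2014_6271 can be used directly by a configuration-management tool to flag hosts that still need the bash update. It covers only CVE-2014-6271, matching the post; the later CVEs need their own tests.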



  • 2.  Re: Shellshock Vulnerability – CA Spectrum

    Posted Oct 08, 2014 04:12 PM

    Hi Matt,

     

    That link brings me to a "Page Not Found" and a general overview of CA's products. I tried to find the fix in the "published solutions", but there were none listed. Could you post a revised link?

     

    Thanks,

      Hilmar



  • 3.  Re: Shellshock Vulnerability – CA Spectrum

    Broadcom Employee
    Posted Oct 08, 2014 04:21 PM

    We have someone looking into why the link is not working.  For now, you can log into support.ca.com and navigate to the CA Spectrum product page.  From there under Popular Links is the Spectrum Solutions & Patches Index.  Can you try that?



  • 4.  Re: Shellshock Vulnerability – CA Spectrum

    Posted Oct 08, 2014 04:34 PM

    No, sorry. It just brings me to that very general page too.



  • 5.  Re: Shellshock Vulnerability – CA Spectrum

    Broadcom Employee
    Posted Oct 08, 2014 04:42 PM

    Ok, we'll continue to look into why the link isn't working.

     

    You can still get to the patches directly by logging into ftp.ca.com as anonymous (your email is your password), then navigating to /pub/CA-SPECTRUM/Updates/GA/Shellshock_Cgywin_patch. There you will see a folder for each of the Spectrum releases; in each folder are the executable and the Release Notes.



  • 6.  Re: Shellshock Vulnerability – CA Spectrum

    Posted Oct 08, 2014 04:48 PM

    That worked. Many thanks!

     

    Hilmar



  • 7.  Re: Shellshock Vulnerability – CA Spectrum

    Broadcom Employee
    Posted Oct 08, 2014 06:19 PM

    Wonderful.  The original link has been restored and is now working.