DX Application Performance Management

New KB on Shellshock Security Vulnerability & TIM

  • 1.  New KB on Shellshock Security Vulnerability & TIM

    Broadcom Employee
    Posted 09-29-2014 01:45 PM

    This is released with the approval of Product Management

    Knowledge Base

    CUSTOMER EXPERIENCE MANAGER: 9.0, 9.1, 9.5, 9.6

    :    09/29/2014

    :    TEC618037

    Tech Document

    Title:  Bash Code Injection aka "Shellshock" and CEM TIM and

    Versions affected:

    CEM TIM (9.6 and higher) and TIMSoft (Other 9.x versions)






    The CEM Transaction Impact Monitor (TIM) is a passive network probe that collects
    business transaction information on HTTP/HTTPS traffic through a network span
    or tap. The CEM TIM is a C++ based application that runs on specific versions
    of the Linux operating system and does not use the Bash shell for any of its
    operational functions; however, prior to version 9.6, the TIM installation
    script does use the Bash shell.



    It has been recently disclosed by industry experts that most versions of Unix,
    Linux, OSX and other variants are susceptible to a security issue that allows
    the execution of bash code injection. This is being referred to in the media as






    takes these issues seriously and will be adding this patch to the latest 9.5.x
    TIMSoft software updates in the future as part of our regular release schedule.



    on the "software only" distribution (9.6+) of the TIM should
    investigate updating their operating systems with the latest security patches
    from RedHat/CentOS.



    customers on the TIMSoft, a RedHat software appliance, who cannot wait for the
    update of the distribution, we recommend that you investigate RedHat issue CVE-2014-6271. This contains the information
    on where to obtain the patch and how to install it.



    Since at this time we have not certified that the patch does not affect the TIM
    installer pre 9.6, you should not patch the OS till the TIM software is
    installed on the TIMSoft image.



    TIMSoft image may have a different RedHat OS level depending on the exact
    revision of TIM software versions 9.1 or 9.5. If you need to determine the OS
    version specifics to download the patch from RedHat you may use the following
    command in an SSH or console session:



    ~# lsb_release -a





  • 2.  Re: New KB on Shellshock Security Vulnerability & TIM

    Broadcom Employee
    Posted 09-29-2014 01:53 PM

    An advisory with more information will be released by Product Management.