Higher Education

last person joined: 11 days ago 

Got questions on how to enable mobility in education? Submit them here!
Back to discussions
Expand all | Collapse all

bash exploit and Airwave/ClearPass

This thread has been viewed 0 times

  • 1.  bash exploit and Airwave/ClearPass

    Posted Sep 25, 2014 11:09 AM

    Our Systems group is abuzz with identifying and patching the bash exploit. From what I've seen in Googleland it appears CentOS may be affected as well.

     

    Any comments good, bad or otherwise on Aruba products and the bash exploit?

     

    Mike



  • 2.  RE: bash exploit and Airwave/ClearPass

    Posted Sep 25, 2014 11:32 AM
    Someone would already need your admin credentials and access to the cli before being able to attempt this in which case the bash exploit will be the least of your worries, unless I'm mistaken.

    Also I'm not sure the shell that customers have access to would even be vulnerable.

    Would like to hear what Aruba have to say though.


  • 3.  RE: bash exploit and Airwave/ClearPass

    Posted Sep 25, 2014 12:39 PM

    From what I understand the expoit allows from remote access without a user having your admin credentials.  Here is a link to the expoit:

     

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

     

     

    Will



  • 4.  RE: bash exploit and Airwave/ClearPass

    Posted Sep 25, 2014 02:18 PM

    Airwave runs CentOS (does ClearPass?). Apparently CentOS released an update today.

     

    Additional info:

     

    * Unauthenticated attackers could gain control of a vulnerable system
    remotely if the system is running a Web server that allows CGI (Common
    Gateway Interface) in certain configurations. CGI is a method for
    generating dynamic Web content.

    * Authenticated attackers can exploit vulnerable systems once they log
    in.

     

    Bourne Again Shell (Bash) Remote Code Execution Vulnerability

    https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

     

    Operating systems with updates include:

     The above contains a link to the CentOS site below:

     

    [CentOS] Critical update for bash released today

    http://lists.centos.org/pipermail/centos/2014-September/146099.html



  • 5.  RE: bash exploit and Airwave/ClearPass

    Posted Sep 25, 2014 03:44 PM

    I did a bash update via yum on our Airwave server.  No ill effects at this point, but no guarantees that it won't hose your install.

     

    #yum update bash



  • 6.  RE: bash exploit and Airwave/ClearPass

    Posted Sep 25, 2014 05:10 PM

    http://www.arubanetworks.com/support/alerts/aid-09252014.txt.  Should be live on the public website momentarily.

     

    Also, subscribe to the following thread to be kept up to date on vulnerabilities.  It is also posted here.

     

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/td-p/176738

     

     



  • 7.  RE: bash exploit and Airwave/ClearPass

    Posted Sep 25, 2014 05:13 PM
    @pertal wrote:

    I did a bash update via yum on our Airwave server.  No ill effects at this point, but no guarantees that it won't hose your install.

     

    #yum update bash


    updating with yum is fine too.



  • 8.  RE: bash exploit and Airwave/ClearPass

    Posted Oct 06, 2014 03:27 PM

    Thanks. I updated via yum with no ill effects.

     

    Mike



  • 9.  RE: bash exploit and Airwave/ClearPass

    Posted Oct 07, 2014 10:16 AM
    Same here


  • 10.  RE: bash exploit and Airwave/ClearPass

    Posted Oct 07, 2014 10:35 AM

    For those of us with a ClearPass clustered environment and multiple virtual IPs, does anyone know why the upgrade / patch instructions don't discuss the order that the upgrades / patches should be applied to particular machines in different roles?