Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
Regular Contributor I

bash exploit and Airwave/ClearPass

Our Systems group is abuzz with identifying and patching the bash exploit. From what I've seen in Googleland it appears CentOS may be affected as well.

 

Any comments good, bad or otherwise on Aruba products and the bash exploit?

 

Mike

9 REPLIES

Re: bash exploit and Airwave/ClearPass

Someone would already need your admin credentials and access to the cli before being able to attempt this in which case the bash exploit will be the least of your worries, unless I'm mistaken.

Also I'm not sure the shell that customers have access to would even be vulnerable.

Would like to hear what Aruba have to say though.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
---------------------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
New Contributor

Re: bash exploit and Airwave/ClearPass

From what I understand the expoit allows from remote access without a user having your admin credentials.  Here is a link to the expoit:

 

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

 

 

Will

Regular Contributor I

Re: bash exploit and Airwave/ClearPass

Airwave runs CentOS (does ClearPass?). Apparently CentOS released an update today.

 

Additional info:

 

* Unauthenticated attackers could gain control of a vulnerable system
remotely if the system is running a Web server that allows CGI (Common
Gateway Interface) in certain configurations. CGI is a method for
generating dynamic Web content.

* Authenticated attackers can exploit vulnerable systems once they log
in.

 

Bourne Again Shell (Bash) Remote Code Execution Vulnerability

https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

 

 The above contains a link to the CentOS site below:

 

[CentOS] Critical update for bash released today

http://lists.centos.org/pipermail/centos/2014-September/146099.html

New Contributor

Re: bash exploit and Airwave/ClearPass

I did a bash update via yum on our Airwave server.  No ill effects at this point, but no guarantees that it won't hose your install.

 

#yum update bash

Aruba

Re: bash exploit and Airwave/ClearPass

http://www.arubanetworks.com/support/alerts/aid-09252014.txt.  Should be live on the public website momentarily.

 

Also, subscribe to the following thread to be kept up to date on vulnerabilities.  It is also posted here.

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/td-p/176738

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba

Re: bash exploit and Airwave/ClearPass


pertal wrote:

I did a bash update via yum on our Airwave server.  No ill effects at this point, but no guarantees that it won't hose your install.

 

#yum update bash



updating with yum is fine too.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Regular Contributor I

Re: bash exploit and Airwave/ClearPass

Thanks. I updated via yum with no ill effects.

 

Mike

Re: bash exploit and Airwave/ClearPass

Same here
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Occasional Contributor II

Re: bash exploit and Airwave/ClearPass

For those of us with a ClearPass clustered environment and multiple virtual IPs, does anyone know why the upgrade / patch instructions don't discuss the order that the upgrades / patches should be applied to particular machines in different roles?

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: