Security

Reply
Contributor I
Posts: 23
Registered: ‎09-17-2012

Shellshock vunerability?

With Shellshock (CVE-2014-6271) getting peoples attention now, is ArubaOS or Clearpass vunerable? I haven't seen anything on the security site.

Moderator
Posts: 243
Registered: ‎09-12-2007

Re: Shellshock vunerability?

Please have a look at http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/td-p/176738, and subscribe to that thread if you haven't already.

---
Jon Green, ACMX, CISSP
Security Guy
DSP
Contributor II
Posts: 37
Registered: ‎03-25-2013

Re: Shellshock vunerability?

 

The link above is returning :

Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: Shellshock vunerability?

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/td-p/176738
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Moderator
Posts: 243
Registered: ‎09-12-2007

Re: Shellshock vunerability?

Note that a revised advisory has been posted now - the severity has been greatly downgraded.  While we're still cautious that there could be some sneaky way to exploit this bug, all testing and analysis we've done so far indicates that none of our products are vulnerable to external attack through the bash vulnerability.  Good news for everyone, I hope.

 

The tricky things is that after the first vulnerability went public, people have been finding more and more.  It has turned into "whack-a-mole" for the bash team.  I don't think the situation will change for Aruba - but if it does we'll let everyone know.

---
Jon Green, ACMX, CISSP
Security Guy
Search Airheads
Showing results for 
Search instead for 
Did you mean: