Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Shellshock vunerability?

This thread has been viewed 0 times

  • 1.  Shellshock vunerability?

    Posted Sep 25, 2014 02:29 PM

    With Shellshock (CVE-2014-6271) getting peoples attention now, is ArubaOS or Clearpass vunerable? I haven't seen anything on the security site.



  • 2.  RE: Shellshock vunerability?
    Best Answer

    EMPLOYEE
    Posted Sep 25, 2014 04:58 PM

    Please have a look at http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/td-p/176738, and subscribe to that thread if you haven't already.



  • 3.  RE: Shellshock vunerability?

    Posted Sep 26, 2014 05:05 AM

     

    The link above is returning :



  • 4.  RE: Shellshock vunerability?

    EMPLOYEE


  • 5.  RE: Shellshock vunerability?

    EMPLOYEE
    Posted Sep 29, 2014 09:00 PM

    Note that a revised advisory has been posted now - the severity has been greatly downgraded.  While we're still cautious that there could be some sneaky way to exploit this bug, all testing and analysis we've done so far indicates that none of our products are vulnerable to external attack through the bash vulnerability.  Good news for everyone, I hope.

     

    The tricky things is that after the first vulnerability went public, people have been finding more and more.  It has turned into "whack-a-mole" for the bash team.  I don't think the situation will change for Aruba - but if it does we'll let everyone know.