Shellshock Bug Fix MTP

Document created by Charles_Nack Employee on Sep 26, 2014Last modified by Charles_Nack Employee on Oct 1, 2014
Version 2Show Document
  • View in full screen mode

For information on keeping your MTP up to date on security fixes please see

Tech Tip: Checking backported security fixes on an Multi-port Monitor

 

Tech Doc link: TEC618171

How to determine if your version of bash is vulnerable:

To test if your version of Bash is vulnerable to this issue, run the following command:
     $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test


you are using a vulnerable version of Bash.

The patches used to fix this issue ensure that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
     $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

 

 

If you are affected by this please download the patch from:
ftp://ftp.ca.com/pub/netqos/product_patches/MTP/Shellshock/

 


For more info :
Bug 1141597 – CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands


http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169


http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

and your OS vendor's vulnerability sites.


Any questions please contact CA Support http://support.ca.com for further assistance.

 

Attachments

    Outcomes