New KB on Shellshock Security Vulnerability & TIM

Discussion created by Hallett_German Employee on Sep 29, 2014
Latest reply on Sep 29, 2014 by Hallett_German

This is released with the approval of Product Management

https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC618037

Knowledge Base Article

Components: CUSTOMER EXPERIENCE MANAGER: 9.0, 9.1, 9.5, 9.6

Last Date: 09/29/2014

Document ID: TEC618037

Tech Document

Title: Bash Code Injection aka "Shellshock" and CEM TIM and TIMSoft

Versions affected:

Standalone CEM TIM (9.6 and higher) and TIMSoft (Other 9.x versions)

Description:

The CEM Transaction Impact Monitor (TIM) is a passive network probe that collects
business transaction information on HTTP/HTTPS traffic through a network span
or tap. The CEM TIM is a C++ based application that runs on specific versions
of the Linux operating system and does not use the Bash shell for any of its
operational functions. However, prior to version 9.6, the TIM installation
script does use the Bash shell.

Industry experts have recently disclosed that most versions of Unix, Linux,
OS X and other variants are susceptible to a security issue that allows Bash
code injection. This is being referred to in the media as "Shellshock".

Solution:

CA takes these issues seriously and will be adding this patch to the latest 9.5.x
TIMSoft software updates in the future as part of our regular release schedule.

Customers on the "software only" distribution (9.6+) of the TIM should
investigate updating their operating systems with the latest security patches
from Red Hat/CentOS.

For customers on the TIMSoft, a Red Hat software appliance, who cannot wait for the
update of the distribution, we recommend that you investigate Red Hat issue
CVE-2014-6271. This contains the information on where to obtain the patch and
how to install it.

Note: At this time we have not certified that the patch does not affect the TIM
installer prior to 9.6, so you should not patch the OS until the TIM software is
installed on the TIMSoft image.

Each TIMSoft image may have a different Red Hat OS level depending on the exact
revision of TIM software versions 9.1 or 9.5. If you need to determine the OS
version specifics to download the patch from Red Hat, you may use the following
command in an SSH or console session:

~# lsb_release -a
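
An added example (not part of the CA article or CA's own tooling): a small script that gathers the OS release the article asks for, falling back to /etc/redhat-release when lsb_release is not installed, and reports the installed bash package for comparison with the Red Hat advisory. The function names and the sample lsb_release output are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the CA article: collect the OS facts needed to
# choose the matching bash update from Red Hat. Function names are illustrative.

# Constructed sample of `lsb_release -a` output (not taken from a TIMSoft image).
sample_lsb() {
    printf 'Distributor ID:\tRedHatEnterpriseServer\n'
    printf 'Description:\tRed Hat Enterprise Linux Server release 5.8 (Tikanga)\n'
    printf 'Release:\t5.8\n'
    printf 'Codename:\tTikanga\n'
}

# Print one field (e.g. "Release") from `lsb_release -a` text read on stdin.
lsb_field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# Fallback parser for an /etc/redhat-release style line read on stdin.
release_from_redhat_release() {
    sed -n 's/.* release \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Reduce "5.8" to the major version "5".
os_major() {
    printf '%s\n' "${1%%.*}"
}

# Release of the running system: lsb_release first, then /etc/redhat-release.
os_release() {
    if command -v lsb_release >/dev/null 2>&1; then
        lsb_release -a 2>/dev/null | lsb_field Release
    elif [ -r /etc/redhat-release ]; then
        release_from_redhat_release < /etc/redhat-release
    fi
}

report() {
    rel=$(os_release)
    echo "OS release:   ${rel:-unknown}"
    echo "OS major:     $(os_major "${rel:-unknown}")"
    echo "architecture: $(uname -m)"
    if command -v rpm >/dev/null 2>&1; then
        # Installed bash build, to compare with the fixed build in the advisory.
        echo "bash package: $(rpm -q bash 2>/dev/null || echo 'not found in rpm db')"
    fi
}

report
```

On a TIMSoft image, record this output after the TIM software is installed and before applying the OS patch, in line with the note above.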

 

 

 

 
