This is released with the approval of Product Management
CUSTOMER EXPERIENCE MANAGER: 9.0, 9.1, 9.5, 9.6
Title: Bash Code Injection aka "Shellshock" and CEM TIM and
CEM TIM (9.6 and higher) and TIMSoft (Other 9.x versions)
The CEM Transaction Impact Monitor (TIM) is a passive network probe that collects
business transaction information on HTTP/HTTPS traffic through a network span
or tap. The CEM TIM is a C++ based application that runs on specific versions
of the Linux operating system and does not use the Bash shell for any of its
operational functions; however, prior to version 9.6, the TIM installation
script does use the Bash shell.
It has been recently disclosed by industry experts that most versions of Unix,
Linux, OSX and other variants are susceptible to a security issue that allows
the execution of bash code injection. This is being referred to in the media as
takes these issues seriously and will be adding this patch to the latest 9.5.x
TIMSoft software updates in the future as part of our regular release schedule.
on the "software only" distribution (9.6+) of the TIM should
investigate updating their operating systems with the latest security patches
customers on the TIMSoft, a RedHat software appliance, who cannot wait for the
update of the distribution, we recommend that you investigate RedHat issue CVE-2014-6271. This contains the information
on where to obtain the patch and how to install it.
Since at this time we have not certified that the patch does not affect the TIM
installer pre 9.6, you should not patch the OS until the TIM software is
installed on the TIMSoft image.
The TIMSoft image may have a different RedHat OS level depending on the exact
revision of TIM software versions 9.1 or 9.5. If you need to determine the OS
version specifics to download the patch from RedHat, you may use the following
command in an SSH or console session:
~# lsb_release -a
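
As an added example (not part of the original notice or any vendor tooling), the script below reduces the lsb_release output to the OS level and compares the installed bash package against the fixed version listed in the RedHat advisory. The fixed version is passed in as an argument because this notice does not state it; the function names are illustrative, and GNU sort -V is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example, not vendor code. The fixed bash version-release is NOT in this
# notice: read it from the RedHat advisory for your OS level and pass it in.

# Reduce `lsb_release -a` output (stdin) to "<distributor> <release>".
parse_lsb() {
    awk -F':[ \t]*' '
        $1 == "Distributor ID" { id = $2 }
        $1 == "Release"        { rel = $2 }
        END { if (id == "" || rel == "") exit 1; print id, rel }'
}

# True when version-release $1 sorts at or above $2. sort -V (GNU) approximates
# RPM ordering for ordinary version-release strings; it is not rpm's algorithm.
evr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print PATCHED or NEEDS-UPDATE for the installed bash version-release ($1)
# measured against the advisory's fixed version-release ($2).
bash_patch_state() {
    if evr_at_least "$1" "$2"; then echo "PATCHED"; else echo "NEEDS-UPDATE"; fi
}

# Live check on a TIMSoft host: ./check.sh --live <fixed-version-release>
if [ "${1:-}" = "--live" ]; then
    fixed="${2:?usage: $0 --live <fixed version-release from the advisory>}"
    lsb_release -a 2>/dev/null | parse_lsb || echo "lsb_release output not usable"
    installed="$(rpm -q --queryformat '%{VERSION}-%{RELEASE}' bash)" || exit 2
    echo "bash installed: $installed, advisory fixed: $fixed"
    bash_patch_state "$installed" "$fixed"
fi
```

On pre-9.6 TIMSoft images, run the live check only after the TIM software is installed, since the notice asks that the OS not be patched before that point.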