Friday 31 October 2014

Cisco, Oracle Find Dozens Of Their Products Affected By Shellshock



Cisco and Oracle are working hard to identify the networking and other products in their portfolios that are affected by the critical Shellshock vulnerability.

The Shellshock vulnerability and several related flaws found over the last week stem from errors in how the Bash command-line interpreter for Unix and Linux systems parses strings passed to it by external scripts. The flaws can be exploited by tricking certain processes running on vulnerable machines into passing malicious strings to Bash, which are then executed as commands on the underlying operating system.

Security researcher Rob Fuller has put together a collection of Shellshock proof-of-concept exploits from different sources. The best-known attack vectors are CGI scripts running on Web servers and SSH daemons, although other applications that interact with Bash are also potential targets.
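For the Web server CGI vector described above, defenders can look for request headers that begin with a Bash function definition. The following is an added example, not part of the original article: it assumes Apache "combined" format access logs and uses the `() {` prefix as the signature (an assumption not stated in the article), and the sample log lines are constructed.

```python
import re

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [30/Sep/2014:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [30/Sep/2014:10:12:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; echo probe"
203.0.113.4 - - [30/Sep/2014:10:12:09 +0000] "GET /cgi-bin/env.cgi HTTP/1.1" 500 0 "() { ignored; }; echo probe" "curl/7.30.0"
192.0.2.11 - - [30/Sep/2014:10:13:44 +0000] "GET /about.html HTTP/1.1" 200 210 "http://example.test/" "Mozilla/5.0"
"""

# One quoted log field; tolerates backslash-escaped quotes inside the value.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# Assumed signature: a header value that *starts* with a function definition.
# Anchoring at the start avoids flagging ordinary values that merely
# contain parentheses or braces somewhere in the middle.
SIGNATURE = re.compile(r'^\s*\(\)\s*\{')


def find_shellshock_probes(log_text):
    """Return one dict per header field that carries the signature."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue  # not in combined format; skipped in this sketch
        ip, _ts, request, status, referer, agent = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) > 1 else request
        for name, value in (("referer", referer), ("agent", agent)):
            if SIGNATURE.match(value):
                hits.append({"line": lineno, "ip": ip, "field": name,
                             "path": path, "status": status})
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a request carried the pattern; whether the host was affected still depends on the Bash version behind the requested script.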

Cisco has so far identified 71 products that are exposed to the vulnerability. These products serve a variety of purposes, including network implementation, service and acceleration; network and content security; network management and provisioning; routing and switching; unified computing; voice and unified communications; and video streaming, telepresence and transcoding.

The number of Cisco products vulnerable to Shellshock and the related flaws far exceeds the 38 confirmed not vulnerable. The company is reviewing an additional 168 products and hosted services, so the list of vulnerable products is likely to grow.

The impact of this vulnerability on Cisco products can vary depending on the product concerned, because some attack vectors, such as SSH, require successful authentication to be exploited and may not result in additional privileges being granted to the user, Cisco said in its advisory.

Oracle is also in the process of identifying which of its products are vulnerable. Until now the company has released Shellshock patches for nine products: Oracle Database Appliance 2.X and 12.1.2 Software; Oracle Exadata Storage Server; Oracle Exalogic; Oracle Exalytics; Oracle Linux 4, 5, 6 and 7; Oracle Solaris 8, 9, 10 and 11 operating system; Oracle SuperCluster; Oracle Virtual Compute Appliance Software; and Oracle VM 2.2, 3.2 and 3.3.

An additional 42 products use Bash in at least one version and are likely to be susceptible to Shellshock, Oracle has found. No patches are currently available for these products. Four other products are currently being investigated to determine whether they are using vulnerable versions of Bash.

Oracle has the impact of this vulnerability for products evaluated no longer supported by Oracle, the company said in its advisory. Other vendors whose products are built on top of Linux, whether hardware appliances, SCADA platforms, specialized servers or embedded devices, will probably release Shellshock patches in the near future.

The overall impact of the Shellshock vulnerability and the associated Bash flaws is difficult to quantify because of the ubiquitous nature of this shell in the Unix and Linux world and the fact that all versions of Bash since 1993 are likely vulnerable. The multiple attack vectors only add to the complexity of determining which systems are at risk.
