20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
Shellshock
1. Introduction
Shellshock is a vulnerability discovered in GNU's bash shell allowing attackers to gain access to your systems and execute remote commands. Below you can find a brief overview of our major vendors and their statements concerning Shellshock.
Aerohive Networks
Aerohive products are not vulnerable to the shellshock exploit.
Barracuda Networks
The vulnerability has been mitigated for all appliances with an active Energize Updates subscription on current hardware platforms. If you are still running hardware shipped to you before September 2009, this is a good opportunity for us to talk about our Hardware Refresh Program as well as Energize Updates and explain the value proposition for the subscription.
More information can be found on https://blog.barracuda.com/tag/shellshock/
Juniper Networks
Products vulnerable to remote exploitation risks:
Junos Space is vulnerable in all versions.
JSA Series (STRM) devices are vulnerable in all versions.
NSM Appliances (NSM3000 and NSMExpress) are vulnerable in all versions. Note: NSM server software installed on generic Linux or Solaris servers may require bash fixes from server OS vendor.
IDP Series in all versions.
Solutions and more information can be found on: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS
Stormshield
Stormshield (Data Security / Endpoint Security / Network Security) products are not impacted by the Shellshock vulnerability.
More information can be found on http://static.arkoon.net/corporate/STORM-2014-01-EN.PDF