Endpoint Protection

 View Only

  • 1.  New Security Response Blog Post: Shellshock

    Posted Sep 25, 2014 11:55 AM

    Just raising awareness of this new vulnerability (and its patches) in the *nix world's popular bash shell. Symantec Security Response have just posted a blog on the subject- please do read (and take the appropriate action), if your environment relies upon Linux, UNIX and Mac OS X machines.

     

    Shellshock: All you need to know about the Bash Bug vulnerability
    https://www-secure.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability

     

    With thanks and best regards,

    Mick

     

     



  • 2.  RE: New Security Response Blog Post: Shellshock

    Posted Sep 26, 2014 04:24 AM

    Here is a two-minute video, highly recommended:

    Shellshock: A High Level Overview of the Bash Bug Vulnerability
    https://www.youtube.com/watch?v=XIsUWwJaOeU&feature=youtu.be

    "Jonathan Omansky - Director, Security Response Operations, talks at a high level about the “ShellShock" or "Bash Bug" vulnerability. Jonathan discusses what it is, what the Bash vulnerability could allow and what can you need to do if you are running a system that is vulnerable."



  • 3.  RE: New Security Response Blog Post: Shellshock

    Posted Sep 26, 2014 04:51 AM

    Nice one Mick, "Thumbs Up" yes

    I don't suppose you have an ETA on when a comprehensive list of vulnerable Symantec products and versions will be available do you?



  • 4.  RE: New Security Response Blog Post: Shellshock

    Posted Sep 26, 2014 08:24 AM

    Is the Apache module in SEPM vulnerable to Shellshock?

     

    Torb



  • 5.  RE: New Security Response Blog Post: Shellshock

    Posted Sep 26, 2014 08:27 AM

    Hi Torb,

    No. Shellshock is a vulnerability in unpatched versions of bash on Linux/Unix/Mac OS X.  It does not apply to the SEPM.

    All the best,

    Mick



  • 6.  RE: New Security Response Blog Post: Shellshock

    Posted Sep 26, 2014 08:44 AM

    Hi Mick,

     

    Do we anticipate there being issues with the Symantec Encryption Management Server with it being built on modified CentOS? Equally concerned around the Web and Messaging gateway products...

     

    Thanks

    Jake



  • 7.  RE: New Security Response Blog Post: Shellshock

    Posted Sep 26, 2014 09:18 AM

    Hi Jake,

    Apologies, I can't speak for those products. Symantec as a company is well-aware of the issue referred to in CVE-2014-6271, GNU Bash Remote Code Execution Vulnerability, and we are investigating throughly.  If we determine the issue adversely impacts any of our products, we will provide appropriate updates/mitigations as required.

    All the best,

    Mick



  • 8.  RE: New Security Response Blog Post: Shellshock

    Posted Oct 01, 2014 05:04 AM

    Hello all,

    Just adding some additional links: there are now a couple of IPS and AV detections in place for attempted exploits of this vulnerability.  If you do not already have the new SEP 12.1.5 for Linux on your Linux machines, I strongly recommend installing it now! &: )

    Linux.Bashlet
    http://www.symantec.com/security_response/writeup.jsp?docid=2014-093018-1846-99

    Perl.Shellbot
    http://www.symantec.com/security_response/writeup.jsp?docid=2014-093018-5028-99

     

    27907 - OS Attack: GNU Bash CVE-2014-6271

    27914 - OS Attack: GNU Bash CVE-2014-7169

     



  • 9.  RE: New Security Response Blog Post: Shellshock

    Posted Oct 02, 2014 07:44 AM

    Hi Guys,

    You know if we already have the SEP IPS signature for new CVEs of shellshock?

    CVE-2014-7187
    CVE-2014-6277
    CVE-2014-6278

    Thanks.



  • 10.  RE: New Security Response Blog Post: Shellshock

    Posted Oct 02, 2014 08:45 AM

    Hi Joao,

    There is a 27921 - OS Attack: GNU Bash CVE-2014-6278 IPS signature.  Subscribe to the https://www-secure.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability for additional news!

    All the best,

    Mick