GNU "Bash" ShellShock vulnerability on OmniSwitch products

Forum rules
Even though AlcatelUnleashed is NOT affiliated with or endorsed by Alcatel-Lucent, the topics in this forum are directly created by Alcatel-Lucent Enterprise marketing & communications team.
tddupree
Member
Posts: 8
Joined: 21 Feb 2014, 17:29

GNU "Bash" ShellShock vulnerability on OmniSwitch products

Postby tddupree » 14 Oct 2014, 16:21

Attached is a summary to guide you on which OmniSwitch products are affected by the recent GNU "Bash" virus. If you have any questions, you should contact your Alcatel-Lucent Enterprise representative.

You can also read an overview on the virus in our blog http://blog-enterprise.alcatel-lucent.com/article/shellshock-aka-bash-bug-threat-your-systems%E2%80%99-security.
You do not have the required permissions to view the files attached to this post.

User avatar
tot3nkopf
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 3927
Joined: 02 Feb 2006, 10:41
Location: Germany & Romania
Contact:

Re: GNU "Bash" ShellShock vulnerability on OmniSwitch produc

Postby tot3nkopf » 15 Oct 2014, 03:07

Hello Tracy,

Do you have also the updates for voice products?

Thank you.

tddupree
Member
Posts: 8
Joined: 21 Feb 2014, 17:29

Re: GNU "Bash" ShellShock vulnerability on OmniSwitch produc

Postby tddupree » 15 Oct 2014, 15:39

HI tot3nkopf ;
We are still preparing the information on the voice products. I will liaise to see when it will be made available.
Best,
tddupree

User avatar
tgn
Member
Posts: 592
Joined: 30 Dec 2009, 17:59
Location: Germany

Re: GNU "Bash" ShellShock vulnerability on OmniSwitch produc

Postby tgn » 15 Oct 2014, 17:14

what about sa0052ed03 from bwps?
it contains "Information about Bash Shellshock vulnerabilities" with a list of voice Products concerned by the Bash shellshock bug.

regards...
--- back to basics... focus your eyes to the essential things... ---

User avatar
tot3nkopf
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 3927
Joined: 02 Feb 2006, 10:41
Location: Germany & Romania
Contact:

Re: GNU "Bash" ShellShock vulnerability on OmniSwitch produc

Postby tot3nkopf » 16 Oct 2014, 03:22

tgn wrote:what about sa0052ed03 from bwps?
it contains "Information about Bash Shellshock vulnerabilities" with a list of voice Products concerned by the Bash shellshock bug.

regards...

Yes, this is truth, however the statements are not so clear about for instance OmniPCX Enterprise releases older than R9.1

User avatar
tgn
Member
Posts: 592
Joined: 30 Dec 2009, 17:59
Location: Germany

Re: GNU "Bash" ShellShock vulnerability on OmniSwitch produc

Postby tgn » 16 Oct 2014, 05:58

simply all versions of bash are vulnerable and i'm thinking noone from alcatel can give a statement which networkservices give acces to the bash in the shellshock-way (by crafted variable) for an unsupported old release.
you can go back to the 5.0UX or earlier. i think the shell on chorus os was ksh (kornshell) ;) .
or you can simply go forward to an actual release of oxe.
but also i will look forward and wait what alcatel will really say.

regards...
--- back to basics... focus your eyes to the essential things... ---


Return to “Alcatel-Lucent Enterprise marketing & communications”

Who is online

Users browsing this forum: No registered users and 1 guest