/build/static/layout/Breadcrumb_cap_w.png

Kace and Shell Shock vulnerability

   Is the k1000 or the k2000 vulnerable to the Shell Shock Vulnerability in bash?

A high risk vulnerability was disclosed on September 24, 2014 by the National Institute of Standards and Technology (NIST) that could result in sensitive information being leaked by exploiting a flaw in GNU Bash. Details of this vulnerability, which has been dubbed the ‘Bash flaw’ or ‘Shell Shock’, can be referenced in the NIST CVE-2014-6271.



3 Comments   [ + ] Show comments
  • Yes, I would like to know about possible Kace vulnerabilities as well in regards to Shell Shock/BASH Flaw. - piobaireachd 10 years ago
  • What is the likely hood of older versions being updated? we're still running 5.3 code train. - nbs 10 years ago
    • Looks like 5.5 and up only. - jones948 10 years ago
  • Just saw they released k1000 6.2, but it does not appear to address anything related to the bash exploit:

    http://www.kace.com/support/resources/kb/solutiondetail?sol=133496
    https://www.kace.com/~/media/Files/Support/Documentation/K1000/v62/K1000_62_ReleaseNotes.pdf - jones948 10 years ago

Answers (4)

Posted by: jones948 10 years ago
Orange Senior Belt
2
Hotfix posted within the last couple of hours:

http://www.kace.com/support/resources/kb/solutiondetail?sol=133716

Comments:
  • This says otherwise: "Note: Once this hotfix has been applied. reboot the server from the maintenace page." - carminus 10 years ago
    • Hmm. That wasn't up when I posted and I was just going off of the fact that the hotfix itself did not reboot the server. - jones948 10 years ago
Posted by: Asevera 10 years ago
Blue Belt
1
Good question. I submitted a ticket with support this morning to find out the answer. Our Secureworks appliance started picking up external scans hitting our K1 this week (GNU Bash Environment Variable Code Injection attempt)


Official link here: http://www.kace.com/support/resources/kb/solutiondetail?sol=133191

Comments:
  • Thanks for posting this. I was also glad to see the notice was also pushed to my kbox via the Latest News section; good job dell! - Jbr32 10 years ago
Posted by: ms01ak 10 years ago
10th Degree Black Belt
1

I have an answer from Support:

The KACE appliances are vulnerable to this exploit

 "Our engineers are working on this as a top priority and Iwill follow up as soon as there is any official information.

A hotfix is under development for this issue and I willadvise you the moment it is ready. "



Comments:
  • Did they indicate kboxes should be taken offline? - Jbr32 10 years ago
Posted by: hjansari 10 years ago
Fourth Degree Green Belt
0
Does Dell have any solution to roll out a fix for this vulnerability?

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ