
ESA-2014-109: RSA Security Analytics and RSA NetWitness Security Update for Multiple Vulnerabilities in Bash

Tags: RSA NetWitness Platform, Security Advisories

Advisory Type

Security


Advisory Content


EMC Identifier: ESA-2014-109

CVE Identifier: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278

Severity Rating: Refer to NVD (http://nvd.nist.gov/) for the individual score of each CVE

Affected products:

  • RSA Security Analytics 10.4.x
  • RSA Security Analytics 10.3.x
  • RSA Security Analytics 10.2.x
  • RSA Security Analytics 10.1.x
  • RSA Security Analytics 10.0.x
  • RSA NetWitness 9.8.x
  • RSA NetWitness 9.7.x
  • RSA NetWitness 9.6.x

Summary:

GNU Bash contains multiple vulnerabilities that may affect RSA Security Analytics and RSA NetWitness customers.

Details:

GNU Bash is reported to contain the following vulnerabilities:

1. CVE-2014-6271: GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution (aka Shellshock/Bashbug). Bash exports shell functions to child instances of bash through environment variables: the variable is named after the function and its value begins with "() {", followed by the function body. When a vulnerable Bash imports such a variable it does not stop at the closing brace of the definition; it keeps parsing and executes any shell commands appended after it. Any service that places untrusted input into the environment of a bash process (a CGI handler, for example) therefore becomes a remote code-execution vector. For more information see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

2. CVE-2014-7169: This vulnerability exists because of an incomplete fix for CVE-2014-6271 (see above for details). The first fix still let a crafted function definition leave the parser in a state where a later command was misparsed, for example turning a redirection into a file write. For more information see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169

3. CVE-2014-7186: The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. For more information see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186

4. CVE-2014-7187: Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. For more information see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7187

5. CVE-2014-6277: This vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169 (see above for details). Bash through 4.3 bash43-026 still did not properly parse function definitions in the values of environment variables, allowing remote code execution or a denial of service (uninitialized memory access, untrusted-pointer read and write) via a crafted environment. For more information see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277

6. CVE-2014-6278: This vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277 (see above for details). It is a further function-definition parsing flaw in Bash through 4.3 bash43-026 that allows remote code execution via a crafted environment. For more information see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278

Resolution:

The RSA Security Analytics Shellshock Security Patch resolves all six CVEs for every affected product listed above, on both the Security Analytics and NetWitness platforms.

For update instructions, refer to the KB article at:

https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a68107

RSA strongly recommends all customers upgrade at the earliest opportunity.