Are Appliances affected by recent BASHBug?

V4 · ‎10-01-2014

Will NBU appliances be at risk on bashbug?..... What could be preventive actions to be taken to protect it.

Although appliances have been hardened by SCSP and has restricted privileges, are there chances it might get affected?

http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability?inid=us_ghp_hero3_bashbug

RiaanBadenhorst · ‎10-01-2014

Check the note

http://www.symantec.com/docs/TECH224948

Mark_Solutions · ‎10-02-2014

All fine(ish) if you are at 2.6.0.2 or above, affected if earlier .. fully fixed at the next release

SymTerry · ‎10-02-2014

Hello,

Please watch and subscribe toTECH224948. This is Symantec's statment for the Shell Shock or bash bug "CVE-2014-6271" and newer "CVE-2014-7169" on NetBackup and NetBackup Appliances.

Here are the versions with impact:

Component	Version	Impact?
NetBackup	7.6 / 7.6.0.1	No
NetBackup	Versions prior to 7.6	No
NetBackup (52xx) Appliances	2.6.0.2 and higher	Yes; minimal
NetBackup (52xx) Appliances	Versions prior to 2.6.0.2	Yes
Deduplication (50xx) Appliances	1.4.4	Yes

A tentative date of October 3, 2014 has been set for when an Emergency Engineering Binary (EEB) will be made available for the potentially impacted components.

CRZ · ‎10-03-2014

Sorry guys, looks like some newer issues which ALSO need to get addressed will necessitate us pushing our tentative date for a hotfix release back a week to October 10. Hopefully we will get the TechNote updated to reflect this later today when we have a little more information.

VOX

Are Appliances affected by recent BASHBug?