Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)

This document (7015721) is provided subject to the disclaimer at the end of this document.

Environment

Novell ZENworks Configuration Management 11.3
Novell ZENworks Configuration Management 11.2
Novell ZENworks Configuration Management 11.1
Novell ZENworks Configuration Management 11
Novell ZENworks Configuration Management 10.3

Situation

Shellshock, also known as Bashdoor, is a security vulnerability in the widely used Linux/Unix Bash shell. Novell ZENworks Configuration Management is affected by this security vulnerability. For more details on this, please visit http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29

Further information regarding these security issues can be found here:
For ZENworks Configuration Management running on SLES operating system, please refer to TID 7015702, which provides specific instructions on how to apply the patch to the Operating System to address this issue. 

For ZENworks Virtual Appliance, please use the information provided in this document in order to overcome this vulnerability.

Resolution

The patch and instructions can be downloaded from download.novell.com under ZENworks Configuration Management product section, or directly by clicking on this link.  This patch applies only to ZEN Virtual Appliance.
On the other hand, this patch will also be automatically included in any future update for ZCM Appliance.

Status

Security Alert

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7015721
  • Creation Date:30-SEP-14
  • Modified Date:06-OCT-14
    • NovellZENworks Configuration Management

Did this document solve your problem? Provide Feedback