ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)

  • 7015721
  • 30-Sep-2014
  • 06-Oct-2014

Environment

Novell ZENworks Configuration Management 11.3
Novell ZENworks Configuration Management 11.2
Novell ZENworks Configuration Management 11.1
Novell ZENworks Configuration Management 11
Novell ZENworks Configuration Management 10.3

Situation

Shellshock, also known as Bashdoor, is a security vulnerability in the widely used Linux/Unix Bash shell. Novell ZENworks Configuration Management is affected by this security vulnerability. For more details on this, please visit http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29

Further information regarding these security issues can be found here:
For ZENworks Configuration Management running on SLES operating system, please refer to TID 7015702, which provides specific instructions on how to apply the patch to the Operating System to address this issue. 

For ZENworks Virtual Appliance, please use the information provided in this document in order to overcome this vulnerability.

Resolution

The patch and instructions can be downloaded from download.novell.com under ZENworks Configuration Management product section, or directly by clicking on this link.  This patch applies only to ZEN Virtual Appliance.
On the other hand, this patch will also be automatically included in any future update for ZCM Appliance.

Status

Security Alert