Cool Solutions

The Linux “Shellshock” Vulnerability and Your Novell Products


October 2, 2014 12:21 pm




Novell and ShellshockNovell and Shellshock

Click to read our Shellshock Support Information

For all of us at Novell, the security of your data is of the utmost importance. Security researchers have discovered the following new software vulnerabilities that could affect Novell’s products and customers.

What is the ShellShock vulnerability and how do I know it exists on my systems?

A new vulnerability has been found that potentially affects Linux, UNIX and Mac OSX operating systems. Known as the “Bash Bug” or “ShellShock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271CVE-2014-7169 CVE-2014-6277, and CVE-2014-6278) could allow attackers to gain control over a targeted computer if exploited successfully, giving them access to your data and networks.

The vulnerability leverages the Bash shell, a command language interpreter used to run commands passed to it by applications. An attacker can attach malicious code to environment variables that affect the way processes are run on a computer.
If you are using Novell products that use versions of Bash (including operating systems based on SUSE Linux Enterprise 9, 10 or 11) your servers are potentially at risk. If your systems are compromised, we recommend that you patch them right away.

Is a patch available for me if I have current subscriptions and am running the most current version of my product? What if I’m running earlier versions and have a maintenance contract?

Yes and yes. You can access patches that close this vulnerability if you are a current customer with a maintenance contract.

What if I’m a current customer but I’m using older operating systems for some of my servers without a support/maintenance contract for those older versions… Can I still get the patches?

Yes, for SLES. Patches for the affected Novell products are available only to customers with a current Novell maintenance contract. For customers who are running their Novell products on SLES, and not via Virtual Appliance Deployment, patches are available for SLES via the SUSE channels described here:

What does the patch address or not address? Do I need to do anything else after applying the patch to make sure I’m no longer vulnerable?

Applying the product-specific patches eliminates the ability to append the Bash environmental variables with malicious code. After applying the patches, there are no additional tasks required to ensure you are no longer vulnerable to Shellshock.

Which Novell solutions are affected, and how do I obtain a patch?

Novell will continue to offer a rapid response to known security issues that impact our products and will notify you of any new issues or vulnerabilities.

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.

Tags: , , , , , , , ,
Categories: Announcements, File Services and Management, Filr, GroupWise, iPrint, IT Operations Management, Open Enterprise Server, Open Workgroup Suite, Service Desk, Technical, ZENworks


Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.