Cisco Headend Digital Broadband Delivery System Notice
OL-32335-01
Field Notice:
Fix for GNU Bourne-Again Shell (Bash)
'Shellshock' Vulnerability in DBDS Products
Background
All Digital Broadband Delivery System (DBDS) products that run Solaris and Linux
operating systems are vulnerable to the recently announced Bash 'Shellshock' vulnerability.
This security flaw may allow a remote attacker to inject and execute arbitrary code,
depending on how the Bash shell is invoked. The Bash shell may be invoked in a number of
ways, such as through telnet, SSH, DHCP, scripts hosted on web servers, and other attack
vectors. Although DBDS products are affected by this vulnerability, authentication is
required to exploit it.
Please note that the National Vulnerability Database (NVD) is using the following Common
Vulnerabilities and Exposures (CVE) numbers to track this issue: CVE-2014-6271, CVE-2014-7169,
CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278.
Audience
This document is written for system administrators and system operators of Digital
Broadband Delivery System (DBDS) products, and for anyone who is responsible for
maintaining these products.
Document Version
This is the first formal release of this document.