Cryptzone Support

 
If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here

 

Article

Statement regarding Shell Shock Vulnerability

« Go Back

Information

 
Article Number000001152
Article

 

Reference

 

This vulnerability could allow for arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

 

AppGate products

 

All supported versions of the AppGate Security Server are not exploitable through BASH code injection. Remotely accessible applications and services running on the AppGate Security Server itself do not use the BASH shell to execute commands.

However, the AppGate does include the vulnerable version of BASH in all releases up to 10.2.3. The only way to attempt to exploit this is with access to the admin role and related terminal access which gives full administrative control anyway so the system is no more or less vulnerable with this version of BASH.

BASH is in fact not used in the AppGate so is likely to be removed completely in the next release after 10.2.3

 

SEP products

SEP products are not affected by this vulnerability.

 

Related File 
Additional Files 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255