Info (updated): IGEL Linux and Shellshock security issue

Hello Folks,

already a few days the Linux/MacOSX Shellshock issue is sneaking around the internet, one question: Is the IGEL Linux affected?

Here is the answer: Yes

All IGEL Linux Version up to Firmware 5.04.100 have a Bash Version lower than 4.3 installed, means all these systems are affected.

You can check this quite easy with the command “bash –version”

or enter the following comand in a Terminal Session:

test=”() { echo Hello; }; echo Hacked” bash -c “”

Is it critical? Depends on your configuration, by default the IGEL System is very secure and the regular user don’t have any option to gain access to the command line or to a configuration to enter these “variable” hacks. So as long the user can not access the command line nothing will happen, there is no webserver or similar to sneak in with some dirty “cheats”.

So we classify this issue as “Low” for a regular configured IGEL Linux based Thin Client.

I will update you and provide a fix asap for the x86 based Linux (iam sorry but i don’t have a ARM platform to provide a ARM compiled bash replacement), these fix can be used until IGEL will release a firmware update to fix this issue.

Update: IGEL has released fixed firmwares for all current devices.

Cheers

Michael