Archive for September 26th, 2014

Info: cloud-client.info UMS Appliance 2.9 and Shellshock security bulletin

Friday, September 26th, 2014

Hello Folks,

please note that the cloud-client.info UMS Appliance 2.9 (Ubuntu 12.04 LTS) and lower are also affected by the Shellschock issue.

You are free to fix the issue by following several public available manuals by your own but we will not provide a fix for this!

Reason for this is simple, we will release a new UMS Appliance in the upcoming days (Version 3.0) which is based on a complete new Linux Version (Ubuntu 14.04 LTS) including a fixed bash version.

From our point it doesn’t make sense to invest time to maintain Versions < 3.0 at this moment and like mentioned, it’s quite simple to fix it by your own.

Cheers

Michael

P.S.: Ubuntu LTS means Long Term Support

Info (updated): IGEL Linux and Shellshock security issue

Friday, September 26th, 2014

Hello Folks,

already a few days the Linux/MacOSX Shellshock issue is sneaking around the internet, one question: Is the IGEL Linux affected?

Here is the answer: Yes

All IGEL Linux Version up to Firmware 5.04.100 have a Bash Version lower than 4.3 installed, means all these systems are affected.

You can check this quite easy with the command “bash –version”

or enter the following comand in a Terminal Session:

test=”() { echo Hello; }; echo Hacked” bash -c “”

Is it critical? Depends on your configuration, by default the IGEL System is very secure and the regular user don’t have any option to gain access to the command line or to a configuration to enter these “variable” hacks. So as long the user can not access the command line nothing will happen, there is no webserver or similar to sneak in with some dirty “cheats”.

So we classify this issue as “Low” for a regular configured IGEL Linux based Thin Client.

I will update you and provide a fix asap for the x86 based Linux (iam sorry but i don’t have a ARM platform to provide a ARM compiled bash replacement), these fix can be used until IGEL will release a firmware update to fix this issue.

Update: IGEL has released fixed firmwares for all current devices.

Cheers

Michael