Symantec has created the following process to identify Unix, Linux and Mac (ULM) computers that are vulnerable to the Bash ShellShock bug.
The process uses a custom inventory script that can be ran on ULM clients. A zipped file is attached to this knowledge base article. The file name is: vulnerabilities-check-dataclass.zip. It contains three files which should be imported into the NS console Reports menu. The files are:
vulnerabilities-check-dataclass.xml - the custom inventory data class.
bash-vulnerabilities-check.xml - the custom inventory shell script compatible for all ULM platforms
vulnerabilities-check-report.xml - the pre-built report showing results from the custom inventory script
After importing and running the script, the report will show the vulnerability status for four CVEs. CVE is an industry term for "Common Vulnerabilities and Exposures". The CVEs reported by this process are:
CVE-2014-6271 - Initial attempt to fix the bash shell shock bug
CVE-2014-7169 - Second attempt to fix the bash shell shock bug
CVE-2014-7186 - Fixes a possible overflow issue with the bash parser
CVE-2014-7187 - Fixes an issue with deeply-nested flow controls in bash
Here are a few links to the patches provided by a few OS vendors. Please see the respective OS vendors for further details and to download applicable patches. Note that not all CVEs are applicable to every OS platform or vendor.
Download "vulnerabilities-check-dataclass.zip" from this KB article to a location accessible from the NS Console and unzip the file.
In the NS console, click Reports -> All Reports.
Create or choose any place in the left-hand menu tree for your custom reports (eg. “Discovery and Inventory -> Inventory) and on right click select New->Folder. Name it appropriately, eg., “Bash Shellshock”.
Right click on a newly created folder and select “Import”.
Import all 3 downloaded files in archive. Note: 'vulnerabilities-check-dataclass.xml' should be imported first
After successfully importing the three files, click on the shell script, named “Bash vulnerabilities check”, and run this task on your Unix/Linux/Mac clients. Note that this can be added to a policy, a job or ran using the task 'quick run' option.
Click on the report named “Vulnerabilities check” to see the report details and identify vulnerable machines.
Advisory: View KM: TECH225088 for more details regarding this issue.