Symantec has created the following process to identify Unix, Linux and Mac (ULM) computers that are vulnerable to the Bash ShellShock bug.

Description

The process uses a custom inventory script that can be ran on ULM clients. A zipped file is attached to this knowledge base article. The file name is: vulnerabilities-check-dataclass.zip. It contains three files which should be imported into the NS console Reports menu. The files are:

1. vulnerabilities-check-dataclass.xml - the custom inventory data class.
2. bash-vulnerabilities-check.xml - the custom inventory shell script compatible for all ULM platforms
3. vulnerabilities-check-report.xml - the pre-built report showing results from the custom inventory script

After importing and running the script, the report will show the vulnerability status for four CVEs. CVE is an industry term for "Common Vulnerabilities and Exposures". The CVEs reported by this process are:

• CVE-2014-6271 - Initial attempt to fix the bash shell shock bug
• CVE-2014-7169 - Second attempt to fix the bash shell shock bug
• CVE-2014-7186 - Fixes a possible overflow issue with the bash parser
• CVE-2014-7187 - Fixes an issue with deeply-nested flow controls in bash

Here are a few links to the patches provided by a few OS vendors. Please see the respective OS vendors for further details and to download applicable patches. Note that not all CVEs are applicable to every OS platform or vendor.

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7169
• http://support.novell.com/security/cve/CVE-2014-7169.html
• http://support.apple.com/kb/DL1769?viewlocale=en_US&locale=en_US

Usage

To use this custom inventory script and report:

1. Download "vulnerabilities-check-dataclass.zip" from this KB article to a location accessible from the NS Console and unzip the file.
2. In the NS console, click Reports -> All Reports.
3. Create or choose any place in the left-hand menu tree for your custom reports (eg. “Discovery and Inventory -> Inventory) and on right click select New->Folder. Name it appropriately, eg., “Bash Shellshock”.
4. Right click on a newly created folder and select “Import”.
5. Import all 3 downloaded files in archive. Note: 'vulnerabilities-check-dataclass.xml' should be imported first
6. After successfully importing the three files, click on the shell script, named “Bash vulnerabilities check”, and run this task on your Unix/Linux/Mac clients. Note that this can be added to a policy, a job or ran using the task 'quick run' option.
7. Click on the report named “Vulnerabilities check” to see the report details and identify vulnerable machines.

Advisory: View KM: TECH225088 for more details regarding this issue.