MultiTech Developer Resources » Topic: Shellshock

Shellshock

This topic has 2 replies, 3 voices, and was last updated 10 years, 5 months ago by Bryon Davis.

Viewing 3 posts - 1 through 3 (of 3 total)

Author

Posts
September 26, 2014 at 10:07 am #6010

Rob Watkins
Participant

Is the embedded management interface or any other part of the iSMS SF100G vulnerable to Shellshock?

September 26, 2014 at 5:36 pm #6012
Darrik Spaude
Keymaster
Hi Rob,

The vulnerability affects versions 1.14 through 4.3 of GNU Bash. The iSMS has a vulnerable version of bash. However, even though the product contains a vulnerable version of bash, it doesn’t necessarily mean the vulnerability is easily exploitable. The iSMS does not use Apache for the web server which was one avenue to exploit. However, since it does have terminal access via telnet there’s always a possibility of vulnerability whether through a bug or through poor password security.

We’re still working on what else we need to do regarding this security vulnerability.
- This reply was modified 10 years, 6 months ago by Darrik Spaude.
November 13, 2014 at 1:37 pm #6077

Bryon Davis
Moderator

Hi Rob,
The iSMS shellshock fixes are available on the FTP site.

SF100 v1.51.27:
https://webfiles.multitech.com/engineering/unofficial-releases/iSMS%20(Formerly%20SMSFinder)/Firmware/SF100/1.51.27/SF100-u-v1.51.27-10Nov2014.zip

SF400 and SF800 v1.51.27:
https://webfiles.multitech.com/engineering/unofficial-releases/iSMS%20(Formerly%20SMSFinder)/Firmware/SF400_SF800/1.51.27/SF400-800-u-v1.51.27-10Nov2014.zip

Instructions for upgrading are included in the readme file.

Regard,
Bryon
Author

Posts

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.