Bash bug Vulnerability (Shellshock) in RSA products

2 years ago

Originally Published: 2014-09-25

Article Number

000045961

Applies To

Bash
Shell
CVE-2014-6271
Shellshock Vulnerability

Issue

Bash bug Vulnerability (Shellshock) in RSA products

Cause

EMC CONFIDENTIAL ? SUBJECT TO NON-DISCLOSURE AGREEMENT/CONFIDENTIALITY PROVISIONS IN LICENSE AGREEMENT

Issue: GNU Bash versions 1.14.0 through 4.3 are indicated to be vulnerable to Bash bug Vulnerability (CVE-2014-6271).

References:

NVD:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169

Resolution

Resolution: RSA is aware of this issue and working with product organizations to investigate the issue and identify any impact. The impact of this vulnerability on RSA products may vary depending on the affected product.

This table will be updated as additional information becomes available.

RSA Product Name	Versions	Impact	Additional Information
3D Secure	ALL Supported	Remediated	Hosting environment patched
Access Manager	ALL Supported	No Impact
Adaptive Authentication Hosted	ALL Supported	Remediated	Hosting environment patched
Adaptive Authentication On Prem	ALL Supported	No Impact
Archer	ALL Supported	No Impact
Archer Vulnerability & Risk Manager (VRM)	ALL Supported	Impacted	Remediation under investigation
Authentication Manager Software Platform	5.x,6.x,7.x	No Impact
Authentication Manager Appliance	3.0,8.0,8.1	Remediated	Security Advisory - Oct 8
Authentication Manager Express	1.0	Remediated	Security Advisory - Oct 8
Aveksa On-Prem	ALL Supported	Remediated	Security Advisory
Aveksa Hosted	ALL Supported	No Impact
AveksaStealthAUDIT	No Impact
BSAFE	ALL Supported	No Impact
Data Loss Protection	ALL Supported	Remediated	Security Advisory
Data Protection Manager	ALL Supported	IMPACTED	Remediation under investigation
Digital Certificate Server	ALL Supported	No Impact
ECAT	ALL Supported	No Impact
enVision	ALL Supported	No Impact
Federated Identity Manager	ALL Supported	No Impact
FraudAction	ALL Supported	Remediated
Netwitness Concentrator	9.8.x	Remediated	Remediation Instructions
Netwitness Decoder	9.8.x	Remediated	Remediation Instructions
Netwitness Broker	9.8.x	Remediated	Remediation Instructions
Netwitness Informer	1.x	No Impact
RSA Live Infrastructure	ALL Supported	Remediated
SecurID 700 Hardware Token	ALL Supported	No Impact
SecurID 800 Hardware Token	ALL Supported	No Impact
SecurID Agent for PAM	ALL Supported	No Impact
SecurID Agent for UNIX	ALL Supported	No Impact
SecurID Agent for Web	ALL Supported	No Impact
SecurID Agent for Windows	ALL Supported	No Impact
SecurID Authentication Engine	ALL Supported	No Impact
SecurID Authentication SDK	ALL Supported	No Impact
SecurID Software Token Converter	ALL Supported	No Impact
SecurID Software Token for Android	ALL Supported	No Impact
SecurID Software Token for Blackberry	ALL Supported	No Impact
SecurID Software Token for Desktop	ALL Supported	No Impact
SecurID Software Token for iPhone	ALL Supported	No Impact
SecurID Software Token for Windows Mobile	ALL Supported	No Impact
SecurID Software Token Toolbar	ALL Supported	No Impact
SecurID Software Token Web SDK	ALL Supported	No Impact
SecurID Transaction SigningSDK	ALL Supported	No Impact
Security Analytics Platform Physical and Virtual Appliances	10.0.x-10.4.x	Remediated	Remediation Instructions
Security Analytics Malware Analytics	10.0.x-10.4.x	Remediated
Security Analytics (Windows Legacy Collector)	10.0.x-10.4.x	No Impact
Security Analytics Warehouse (DCA ? Pivotal)		No Impact
Security Analytics Warehouse (MapR)		Remediated	Remediation Instructions
Spectrum	1.x	Remediated	Remediation Instructions
Web Threat Detection (Silvertail)	ALL Supported	No Impact

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles