Quantum Product Support

GNU Bash Vulnerability ‘Shellshock’


Summary

Like many other companies, Quantum has been affected by the Shellshock bug, a serious vulnerability in GNU Bourne Again Shell (Bash), the common command-line shell utility, which may allow an attacker to remotely execute arbitrary code (more information at https://www.us-cert.gov/ncas/alerts/TA14-268A).). A number of Quantum products are built upon operating environments that incorporate Bash and may be exposed to this vulnerability.

Quantum is committed to providing timely product updates to correct the Shellshock bug, and this advisory will be updated accordingly as we move forward.


Unaffected Quantum Products

The following Quantum products are known to be unaffected by the Shellshock bug.

  • Scalar DLC 
  • StorNext File System 
  • StorNext Storage Manager 
  • StorNext Q-series 
  • Tape Libraries (except Scalar i6000/ i2000) 

Vulnerable Quantum Products

Versions of the following Quantum products are known to be vulnerable to the Shellshock bug.

  • DXi-Series 
  • Lattus 
  • StorNext Appliances 
  • Scalar LTFS 
  • Scalar Key Manager 
  • Scalar i6000/i2000 
  • Vision 
  • vmPRO 

If a product is not listed within this document then the product does not include bash.


Impact

Successful exploitation of this vulnerability may lead to execution of arbitrary commands resulting in disclosure of information, modification of data and/or service disruption.
 

Software Versions and Fixes

Patches to Quantum software and firmware are in progress; please contact your Quantum service representative for the latest status on availability.
 

References

Contact Information

In US, call 800-284-5101. In Europe, call toll free +800-7826-8888 or direct +49 6131 3241 1164. You will need your system serial number. For additional contact information, please visit our service contact center.