GNU Bash Vulnerability ‘Shellshock’
Like many other companies, Quantum has been affected by the Shellshock bug, a serious vulnerability in GNU Bourne Again Shell (Bash), the common command-line shell utility, which may allow an attacker to remotely execute arbitrary code (more information at https://www.us-cert.gov/ncas/alerts/TA14-268A).). A number of Quantum products are built upon operating environments that incorporate Bash and may be exposed to this vulnerability.
Quantum is committed to providing timely product updates to correct the Shellshock bug, and this advisory will be updated accordingly as we move forward.
Unaffected Quantum Products
The following Quantum products are known to be unaffected by the Shellshock bug.
- Scalar DLC
- StorNext File System
- StorNext Storage Manager
- StorNext Q-series
- Tape Libraries (except Scalar i6000/ i2000)
Vulnerable Quantum Products
Versions of the following Quantum products are known to be vulnerable to the Shellshock bug.
- StorNext Appliances
- Scalar LTFS
- Scalar Key Manager
- Scalar i6000/i2000
If a product is not listed within this document then the product does not include bash.
Successful exploitation of this vulnerability may lead to execution of arbitrary commands resulting in disclosure of information, modification of data and/or service disruption.
Software Versions and Fixes
Patches to Quantum software and firmware are in progress; please contact your Quantum service representative for the latest status on availability.
- US-CERT Alert (TA14-268A) GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271,CVE-2014-7169)
In US, call 800-284-5101. In Europe, call toll free +800-7826-8888 or direct +49 6131 3241 1164. You will need your system serial number. For additional contact information, please visit our service contact center.