News is breaking about a major new high severity vulnerability, CVE-2014-6271, with widespread impact. Gnu Bourne again shell (Bash) is a UNIX like command shell that is included in most distributions of Linux and also Apple OS X. The vulnerability allows an attacker to create environment variables that include malicious code before the system calls the Bash shell. The nature of the exposure can vary depending on how Bash is used, but it can lead to arbitrary command execution on affected systems. There are reports that is has already been exploited in the wild.
Are WatchGuard products affected?
All Firebox and XTM models are not affected. The Fireware operating system is hardened to remove any unnecessary features, and does not include a Bash shell. WatchGuard Wireless Access Points, SSL 100 and 560, XCS, and QMS also do not include or install Bash. They are not vulnerable.
The Linux distribution included in WatchGuard Dimension includes bash, but the exposure to this vulnerability is low since Dimension does not use AcceptEnv or CGI. Nevertheless Dimension automatically downloads security updates for its Linux components. Just make sure that you don’t have any upstream firewall that blocks access to security.ubuntu.com and archive.ubuntu.com.
Download and deploy patches from your vendors immediately.
For WatchGuard Users
The WatchGuard IPS signature team has developed and released a signature to identify exploits of the Bash vulnerability. It is included in signature set 4.454. If your Firebox and XTM appliances are configured to receive automatic updates, you will get the new signature.
We’ll keep this post updated as more news is available.