News from 2014-10-01


Meinberg Security Advisory: [MBGSA-1403] GNU Bash Environmental Variable Command Injection Vulnerability


Multiple vulnerabilities in the GNU Bash commandline shell allow the unauthorized execution of arbitrary shell commands by crafting a special definition of a shell environment variable and/or shell function. The BASH versions used in Meinberg LANTIME V4.x, V5.x and V6.x firmware versions are affected.

Update Oct 2, 2014 - added CVE-2014-6277 and CVE-2014-6278 as they are also fixed by the listed available updates

CVE-IDs:

CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169

1. Description of the Problem

The GNU BASH commandline shell used by Meinberg for their LANTIME network appliance firmware has been found to be affected by several security vulnerabilites. These vulnerabilities allow an attacker to run arbitrary shell commands by crafting a dedicated environment variable or function. The shell access on Meinberg LANTIME systems is restricted to superuser access level accounts and those have full access already, therefore the practical use is very low for a potential attacker.

Exploiting one of the vulnerabilities by using a CGI of the LANTIME web interface requires valid login credentials as well and any injected command would be executed with reduced access rights, limiting the potential damage that can be caused by abusing one of the vulnerabilities.

2. Affected Systems

All LANTIME Firmware Versions starting with V4.x are affected by this problem.

3. Potential Defense Strategies

An update to the latest firmware version is highly recommended to be protected against this threat.

Please request a download link for a firmware update by using our firmware request web page:
Firmware Updates for LANTIME Products including SyncFire

You need to provide the serial number of your LANTIME device in order to request a firmware update download link.

The following updates are currently available:
V4.x Update to V4.60
V5.x Update to V5.34p
V6.00.x - V6.14.x Update to V6.14.023
V6.15.x - V6.16.x Update to V6.16.002

If your systems are running a different firmware version, you can either update to one of the above listed versions or contact your Meinberg Technical Support Team for further assistance.

4. Additional Information Sources

More details about this vulnerability can be found on the following web sites:

https://ics-cert.us-cert.gov/advisories/ICSA-14-269-01
(ICS-CERT Advisory)

https://www.us-cert.gov/ncas/alerts/TA14-268A
(US CERT Alert)


Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact