cancel
Showing results for 
Search instead for 
Did you mean: 

Is SA vulnerable to CVE 2014-6271?

Highlighted
Occasional Contributor

Is SA vulnerable to CVE 2014-6271?

Can anyone tell me if any SA software is available to CVE 2014-6271? Pretty sure its core is not GNU Bash but just want to make sure.

 

Thanks!

14 REPLIES 14
Highlighted
Super Contributor

Re: Is SA vulnerable to CVE 2014-6271?

came here to ask the exact same question. 

Highlighted
Frequent Contributor

Re: Is SA vulnerable to CVE 2014-6271?

Ups...

 

release 8.0R6 Smiley Sad

 

$ /usr/bin/ssh -o "rsaauthentication yes" XX.XXX.XXX.XXX '() { ignored; }; ping -c 3 127.0.0.1'
Password:
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.032 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.025 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.029 ms

--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.025/0.028/0.032/0.006 ms, pipe 2
<hello xmlns="urn:ietfSmiley Tonguearams:xml:ns:netconf:base:1.0">
    <capabilities>
        <capability>urn:ietfSmiley Tonguearams:netconf:base:1.0</capability>
        <capability>urn:ietfSmiley Tonguearams:netconf:base:2.0</capability>
        <capability>http://xml.juniper.net/dmi/software/1.0</capability>
        <capability>http://xml.juniper.net/dmi/software/2.0</capability>
        <capability>http://xml.juniper.net/dmi/system/1.0</capability>
        <capability>http://xml.juniper.net/dmi/ive-sa/8.0R6</capability>
        <capability>urn:ietfSmiley Tonguearams:xml:ns:netconf:base:1.0</capability>
        <capability>urn:ietfSmiley Tonguearams:netconf:capability:writable-running:1.0</capability>
    </capabilities>
    <session-id>28301</session-id>
</hello>
]]>]]>
^CKilled by signal 2.

Highlighted
Super Contributor

Re: Is SA vulnerable to CVE 2014-6271?

flip_pipe

 

and what does this mean?

Highlighted
Valued Contributor

Re: Is SA vulnerable to CVE 2014-6271?

Here is Juniper official statement about the bash vulnerability:

 

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=JSA10648&smlogin=true

Highlighted
Occasional Contributor

Re: Is SA vulnerable to CVE 2014-6271?

Thanks Kita!


@kita wrote:

Here is Juniper official statement about the bash vulnerability:

 

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=JSA10648&smlogin=true


 

Highlighted
Not applicable

Re: Is SA vulnerable to CVE 2014-6271?

Hi flip_pipe,

 

Can you tell us how are you doing ssh to you sa device? How do you enable ssh?

Highlighted
Occasional Contributor

Re: Is SA vulnerable to CVE 2014-6271?

I want to know that too, and according to Juniper's official statement, SA/MAG devices are not vulnerable. Besides, I don't understand why SA device would return XML stream after ping is executed.

Highlighted
Valued Contributor

Re: Is SA vulnerable to CVE 2014-6271?

SSH is not available on the SA.   This is not a bash terminal.

Highlighted
Occasional Contributor

Re: Is SA vulnerable to CVE 2014-6271?

Then how SA responded with non-netconf command "ping -c 3 127.0.0.1", should not SA refuse any thing else if netconf subsystem is not specified by client? I also don't understand why he specified ssh option "rsaauthentication yes" yet he had to enter password.