[syslog-ng-announce] BalaBit products are not exposed to CVE-2014-6271

devel at balabit.hu devel at balabit.hu
Fri Sep 26 17:58:02 CEST 2014


------------------------------------------------------------------------------
SUMMARY             : BalaBit products are not exposed to CVE-2014-6271
PACKAGE             : Shell Control Box, syslog-ng Store Box, syslog-ng PE
VERSION             : All versions
DATE                : Sep 26, 2014
------------------------------------------------------------------------------

DESCRIPTION:

As published a few days ago, a bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems.

The BalaBit Security Team has analyzed the source code of all supported versions of every BalaBit product and concluded that, although our products contain the impacted version of Bash, none of our products are exploitable through the vulnerability described in CVE-2014-6271, also known as 'Shell Shock' or the 'Bash vulnerability'.

We will incorporate the required Bash patches in the next regular security updates.

The following product versions were analyzed:

syslog-ng PE

4.0: There is no attack vector in this product.
5.0: There is no attack vector in this product.
5.1: There is no attack vector in this product.

SSB

3.0: The code review showed no vulnerable code.
3.1: The code review showed no vulnerable code.
3.2: The code review showed no vulnerable code.

SCB

3.0: The code review showed no vulnerable code.
3.5: The code review showed no vulnerable code.
4.0: The code review showed no vulnerable code.

For further information regarding the vulnerability, please consult:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

Best Regards,

BalaBit




