Posted by Garrett Moedl in ArcSight Product Announcements on Sep 25, 2014 11:49:30 AM

HP ArcSight is aware of the "Bourne Again Shell (BASH) Remote Code Execution Vulnerability," CVE-2014-6271, related to the vulnerability affecting Unix-based operating systems such as Linux. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

Although the ArcSight appliance products (HP ArcSight Logger / HP ArcSight Management Center / HP Arcsight Express) don't use CGI, HP ArcSight will continue to monitor the BASH vulnerability and how it could affect ArcSight products.  As all HP ArcSight appliances are self-contained, customer are NOT advised to try and update their appliances independently but to wait for the HP ArcSight patches.

For customers running ESM software, Logger software or ArcMC software on their sever (or in a virtual machine), it is strongly recommended they patch their Bash system which ESM is installed upon. The software products are not self-contained and customers have the ability to patch their system directly.

Specific information can be found here:

https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

distributed by