Friday 26th September 2014

Infoblox, Inc. -- Initial Response to CVE-2014-6271, CVE-2014-7169

Regarding the recently announced vulnerabilities in the bash shell (CVE-2014-6271, CVE-2014-7169): Our current assessment is that the Infoblox DDI product family running NIOS and the Infoblox Network Automation product family (NetMRI, Automation Change Manager and Switch Port Manager) are not directly vulnerable to these exploits. For those NIOS customers using Bloxtools, a custom development environment, the Bloxtools environment may be vulnerable. We are investigating this further and will update this KB article.

As a best practice measure, Infoblox will be providing updates to current NIOS and Network Automation versions to replace the version of bash installed. Once more detail is determined a Knowledge Base Article will be posted with full details and references.

distributed by