That’s systemshell available on clustered ontap and probably 7 mode.

 

It’s a diag level BSD shell

 

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Fred Grieco
Sent: Friday, 26 September 2014 2:20 a.m.
To: Douglas Siggins; toasters@teaparty.net
Subject: Re: CVE-2014-6271: remote code execution through bash

 

How do you get to this prompt?  Is this cmode or 7mode?


TIA,

Fred

 

From: Douglas Siggins <siggins@gmail.com>
To: "toasters@teaparty.net" <toasters@teaparty.net>
Sent: Wednesday, September 24, 2014 3:03 PM
Subject: CVE-2014-6271: remote code execution through bash


Looks like we are waiting for word from Netapp on this one:

netapp% uname -a
Data ONTAP xxxxxxx 8.2.1 Data ONTAP Release 8.2.1 amd64
netapp% Wed Sep 24 15:00:00 EDT [bosnamail20:kern.uptime.filer:info]:
3:00pm up 41 days, 39 mins, 603179098 NFS ops, 0 CIFS ops, 0 HTTP
ops, 0 FCP ops, 0 iSCSI ops
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
netapp%

bash --version
GNU bash, version 3.2.48(1)-release (x86_64-pc-freebsd)
Copyright (C) 2007 Free Software Foundation, Inc.


I doubt there are many vectors that this vuln would work, but still a
little concerning.
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters



Disclaimer

 

The information in this e-mail is confidential and may contain content that is subject to copyright and/or is commercial-in-confidence and is intended only for the use of the above named addressee. If you are not the intended recipient, you are hereby notified that dissemination, copying or use of the information is strictly prohibited. If you have received this e-mail in error, please telephone Fujitsu New Zealand Limited on 4 4950700 or by reply e-mail to the sender and delete the document and all copies thereof.

 

Whereas Fujitsu New Zealand Limited would not knowingly transmit a virus within an email communication, it is the receiver’s responsibility to scan all communication and any files attached for computer viruses and other defects. Fujitsu New Zealand Limited does not accept liability for any loss or damage (whether direct, indirect, consequential or economic) however caused, and whether by negligence or otherwise, which may result directly or indirectly from this communication or any files attached.

 

If you do not wish to receive commercial and/or marketing email messages from Fujitsu New Zealand Limited, please email unsubscribe@nz.fujitsu.com