000017196 - How to disable SSH access on SecurID appliances to mitigate ShellShock vulnerability

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000017196
Applies To: Authentication Manager Appliance, SecurID Appliance, App3.0.4, Appliance 3.0.4, Appliance 8.x, AM 8.1, AM 8.0, AM 8.1, AMX 1.0, Authentication Manager Express
See also Secure Care Online, SCOL Knowledge Base KB solution a67980
Bash Code Injection Vulnerability via Specially Crafted Environment Variables
Issue
How to disable SSH access on SecurID appliances to mitigate ShellShock vulnerability
Vulnerability scan reports: CVE-2014-6271, CVE-2014-7169, SHELLSHOCK, BashBug, or BashBleed on an RSA SecurID Authentication Manager Appliance
 
Resolution
The procedure for disabling SSH is as follows:
AM 7.1.4 -
- As the Operations Console Administrator, log in to the appliance's RSA Operations Console
- Go to the page: Administration -> Networking -> Configure Connectivity using SSH
- For all NICs, if the box "Enable SSH" is checked, click the box to remove the check.
- Click "Save"
- Repeat the process for all AM 7.1 appliances
AM 8.1 -
- As the Operations Console Administrator, log in to the appliance's RSA Operations Console
- Go to the page: Administration -> Operating System Access
- If the box "Enable SSH" is checked for any network interfaces, click the box to remove the check.
- Click "Save"
- Repeat the process for all AM 8.1 appliances
For AMX - Same as AM 8.1 but the page is named differently:
AMX 1.0 -
- As the Operations Console Administrator, log in to the appliance's RSA Operations Console
- Go to the page: Administration -> OS Access Using SSH
- If the box "Enable SSH" is checked for any network interfaces, click the box to remove the check.
- Click "Save"
- Repeat the process for all AMX appliances
SSH access is disabled by default and should not be enabled except for special maintenance operations. When SSH access is not required, the feature should be returned to the disabled state. SSH should only be used in secure environments.
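After saving the change on each appliance, it is worth confirming from an administrative workstation that nothing still answers on the SSH port of any NIC. The script below is an added example, not RSA-supplied code; it assumes SSH listens on the default port 22 and that you pass every appliance interface address on the command line.

```python
#!/usr/bin/env python3
"""Confirm that SSH no longer answers on each appliance interface (added example)."""
import socket
import sys


def ssh_state(host, port=22, timeout=3.0):
    """Return 'ssh', 'open-no-banner', 'closed' or 'no-response' for host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                banner = conn.recv(64)
            except (socket.timeout, ConnectionError):
                banner = b""
            # An SSH server sends its identification string first ("SSH-2.0-...").
            return "ssh" if banner.startswith(b"SSH-") else "open-no-banner"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        # Timed out or unreachable: a firewall may be dropping packets, so this
        # does not by itself prove the "Enable SSH" box is unchecked.
        return "no-response"


def audit(targets, timeout=3.0):
    """Check every (host, port) pair; return a list of (host, port, state)."""
    return [(h, p, ssh_state(h, p, timeout)) for h, p in targets]


def still_exposed(results):
    """Interfaces where something still accepts connections on the SSH port."""
    return [(h, p) for h, p, s in results if s in ("ssh", "open-no-banner")]


if __name__ == "__main__":
    # Usage: check_ssh.py <nic-address> [<nic-address> ...]
    # Pass every NIC address of every appliance; port 22 is assumed.
    results = audit([(arg, 22) for arg in sys.argv[1:]])
    for host, port, state in results:
        print(f"{host}:{port}\t{state}")
    sys.exit(1 if still_exposed(results) else 0)
```

A non-zero exit status means at least one interface still accepts connections on port 22 and the Operations Console setting for that appliance should be rechecked.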
 
Notes
Original release date: 09/24/2014
Last revised: 09/24/2014
Source: US-CERT/NIST
Overview
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
References to Advisories, Solutions, and Tools
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=1141597
Type: Patch Information
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1141597
External Source: CONFIRM
Name: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Hyperlink: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Read More at  https://access.redhat.com/articles/1200223?sc_cid=70160000000e8eaAAA&
 
Legacy Article ID: a68034