Thank you for your feedback



Lexmark Security Advisory: Bash Shellshock Vulnerability

Document ID:TE651

Usergroup :External
  Languages  
  Properties  

Solution

Lexmark Security Advisory: 

Revision: 1.0

Last update: 30 September 2014

Public Release Date: 2 October 2014 

 

Summary

Bash Shellshock Vulnerability

Lexmark has learned of a series of vulnerabilities in the open-source bash shell program that allows an attacker to execute arbitrary commands on a vulnerable system.

No Lexmark devices or software products are affected by this vulnerability.

 

References

CVE: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187

 

Details

On September 24th, 2014 a series of vulnerabilities, commonly referred to as “Shellshock” was announced in the open-source software package bash. The vulnerability allows for arbitrary code execution on affected systems.

 

Vulnerability Scoring Details (CVE-2014-6271)

CVSS Base Score 10

Impact Subscore: 10
Exploitability Subscore: 10 

Exploitability: Impact:
Access Vector: Network Confidentiality: Complete
Access Complexity: Low Integrity: Complete
Authentication:None Availability: Complete


CVSS scores are calculated in accordance with CVSS version 2.0 (http://www.first.org/cvss/cvss-guide.html)

 

Impact

No Lexmark devices or software products are affected by this vulnerability. But customers should confirm that bash is patched for this issue on any system on which Lexmark software is installed.

 

Unaffected Products

Lexmark devices and software products are not affected by this vulnerability.

 

Affected Products

No Lexmark devices or software products are affected by this vulnerability.

 

Exploitation and Public Announcements

Lexmark is aware of unconfirmed reports of malicious use of the vulnerability described in this advisory.

 

Status of this Notice:

This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.

 

Distribution

This advisory is posted on Lexmark’s web site at http://support.lexmark.com/alerts
Future updates to this document will be posted on Lexmark’s web site at the same location.

 

Revision History

Revision                         Date                                                  Reason

   1.0                    30 -September-2014                     Initial Public Release

 

 



Link:
Please enter the email address you would like to send a copy of this page to.