Re: [WIRELESS-LAN] Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability
Frank: *Description** **Symptoms:* The Cisco Wireless LAN Controller includes a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-6271 CVE-2014-7169 This bug has been opened to address the potential impact on this product. *Conditions:* Devices with default configuration. *Workaround:* Not available. *Further Problem Description:* *PSIRT Evaluation:* The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1version=2vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html *Customer Visible* *Was the description about this Bug Helpful?* (0) *Details** **Last Modified:* Sep 25,2014 *Status:* Open *Severity:* 2 Severe *Product:* Cisco 5500 Series Wireless Controllers *Support Cases:* 0 *Known Affected Releases: * (3) 7.4(121.0) 7.6(130.0) 8.0(100.0) *Known Fixed Releases: * (0) On 9/25/14 7:13 PM, Frank Bulk wrote: Frustrating that I can't drill down on this one: Cisco Wireless LAN Controller [CSCur02981] Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt Sent: Thursday, September 25, 2014 8:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco- sa-20140926-bash Sent from my iPhone ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability
Just FYI, I believe they're calling this particular vulnerability is called ShellShock if you want to research this further. Eric Barnett Wireless Administrator Information and Technology Services Arkansas State University 870 680 4243 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt Sent: Thursday, September 25, 2014 8:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140926-bash Sent from my iPhone ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Give a little, get a little
Hello to the list. Gathering data on WLAN professionals, a bit on our experiences, and how we see some of the newer issues that go with Wi-Fi. Here's a 33-question survey (mine) https://www.quicksurveys.com/s/j2MLc and there is no goal other than just gathering (hopefully) hundreds of replies and sharing them back to the WLAN community at large. If you feel like kicking in 5 minutes, it would be appreciated. In a week or so, I'll share it all back with the list. This is not aimed at higher ed exclusively, so feel free to share with anyone you know that does WLAN for a living in any capacity (design/sales/installation/support). Thanks! Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Give a little, get a little
On Fri, Sep 26, 2014 at 08:25:55PM +, Lee H Badman wrote: If you feel like kicking in 5 minutes, it would be appreciated. In a week or so, I'll share it all back with the list. Given that we run exclusively Cisco... How do you feel about the products you install/sell/support? -It's really good stuff -Not the best quality stuff, but I feel good about it -It is bug-riddled crap, or gimmicky -I'm so very ashamed... Can we tick all four? :) Matthew -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.uk ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Give a little, get a little
Indeedy, I also felt that we ought to have a question 'How many dedicated wlan staff do you have?' Thanks -- ian Sent from my phone, please excuse brevity and misspelling. From: Matthew Newtonmailto:m...@leicester.ac.uk Sent: 26/09/2014 21:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Give a little, get a little On Fri, Sep 26, 2014 at 08:25:55PM +, Lee H Badman wrote: If you feel like kicking in 5 minutes, it would be appreciated. In a week or so, I'll share it all back with the list. Given that we run exclusively Cisco... How do you feel about the products you install/sell/support? -It's really good stuff -Not the best quality stuff, but I feel good about it -It is bug-riddled crap, or gimmicky -I'm so very ashamed... Can we tick all four? :) Matthew -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.uk ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Give a little, get a little
Aye, we're in the same boat... On Sep 26, 2014, at 4:56 PM, Matthew Newton m...@leicester.ac.uk wrote: On Fri, Sep 26, 2014 at 08:25:55PM +, Lee H Badman wrote: If you feel like kicking in 5 minutes, it would be appreciated. In a week or so, I'll share it all back with the list. Given that we run exclusively Cisco... How do you feel about the products you install/sell/support? -It's really good stuff -Not the best quality stuff, but I feel good about it -It is bug-riddled crap, or gimmicky -I'm so very ashamed... Can we tick all four? :) Matthew -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.uk ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Give a little, get a little
Hi Ian, I may do another one of these in a couple months for higher Ed WLAN specifically, would try to capture that sort of thing. This one was more meant to capture the individual over the organization. -Lee On Sep 26, 2014, at 4:58 PM, Ian McDonald i...@st-andrews.ac.ukmailto:i...@st-andrews.ac.uk wrote: Indeedy, I also felt that we ought to have a question 'How many dedicated wlan staff do you have?' Thanks -- ian Sent from my phone, please excuse brevity and misspelling. From: Matthew Newtonmailto:m...@leicester.ac.uk Sent: ?26/?09/?2014 21:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Give a little, get a little On Fri, Sep 26, 2014 at 08:25:55PM +, Lee H Badman wrote: If you feel like kicking in 5 minutes, it would be appreciated. In a week or so, I'll share it all back with the list. Given that we run exclusively Cisco... How do you feel about the products you install/sell/support? -It's really good stuff -Not the best quality stuff, but I feel good about it -It is bug-riddled crap, or gimmicky -I'm so very ashamed... Can we tick all four? :) Matthew -- Matthew Newton, Ph.D. m...@le.ac.ukmailto:m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.ukmailto:ith...@le.ac.uk ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.