As I had thought .
It IS an issue with Windstream as clients are calling in and Mitel IS aware of it .
We were told that We would get an answer ASAP , perhaps tomorrow so we will wait and see ..
"We do have this vulnerability. But this isn't exploitable remotely. By default, MSL turn off the SSH connection to public network (and we also suggest that).
You could double check on your system, in Server-manager--Security--Remote access--secure shell setting, make sure we are not allowing public access. If so, we don't need worry about this by now.
Our design is also working on this to get it patched in next version."
Remote Code Execution Vulnerability in BASH Interpreter
#2014-1004-04
Remote Code Execution Vulnerability in BASH Interpreter
Oct 1, 2014
Background
The ShellShock bug is a group of serious vulnerabilities in the popular BASH shell interpreter. It is also widespread, existing in most Linux-based products. Since the initial vulnerability was first announced and patched, new aspects of the vulnerability have been discovered. These are being tracked as CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278.
The flaw involves improper processing of environment variables. In certain configurations, the ShellShock vulnerability may allow an unauthenticated remote attacker to execute malicious code on a targeted system. Of particular concern are services that receive a request via HTTP and use BASH to execute commands on the server. In some configurations, this vulnerability could be used to install malware on a server. Independent reports indicate that vulnerable systems are being targeted and compromised to be used in botnets.
Summary
Mitel is monitoring this dynamic situation very carefully. We are conducting a thorough investigation of its entire portfolio to ascertain which of our products may be susceptible. This security advisory will be updated as new information emerges and as our investigation progresses.
The following products that may be vulnerable
Customers are advised to contact Mitel or Aastra support.
Yea we got that same letter form Windstream and verified it with our Mitel rep .
Last we heard , it was no new info and when we do have info we will let you know .
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.