Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Matthew_Mollenhauer
New Contributor III

Created on ‎09-24-2014 03:39 PM

If you use BASH shell environment

Just an FYI, https://access.redhat.com/security/cve/CVE-2014-6271, I wouldn' t say it' s as bad as heartbleed but it' s definitely not good. Regards, Matthew
17614
0 Kudos
22 REPLIES 22
jtfinley
Contributor
In response to teedub

Created on ‎10-01-2014 06:45 AM

I did create custom rules in my sensors to drop traffic matching these sigs, as the built rule default action is alert. Might want to be aware of that!
@teedub Looks like the updated sig has default action to block now. v553 Thanks for the link; all interesting stuff to read over.
912
0 Kudos
ede_pfau
Esteemed Contributor III

Created on ‎10-01-2014 05:15 AM

The IPS signature is called " Bash.Function.Definitions.Remote.Code.Execution" . It applies to servers and clients, OS=" Other,Linux" and is dated 2014-09-29. I found it using a filter on the modification date...

Ede

"Kernel panic: Aiee, killing interrupt handler!"
912
0 Kudos
ede_pfau
Esteemed Contributor III
In response to ede_pfau

Created on ‎10-02-2014 07:26 AM

Fortinet has released an Info page on Fortiguard.com: http://www.fortiguard.com/advisory/FG-IR-14-030/ Contains " products affected" , the use of the IPS signature on FortiGates and references. Seems there are 4 CVEs now on this topic.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
912
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.