
USM v4.11.1 Patch Release

jhansen

AlienVault Employee

Patch Release Summary


AlienVault v4.11.1 is now available as of September 26th, 2014.

Patch Releases are minimally disruptive to your USM / OSSIM deployment and are intended to fix only defects. They do not contain new functionality. Read the change log below and apply the patch during an appropriate service window.


This patch will eliminate the recently discovered Shellshock Bash vulnerability. See this blog post for more detailed information on Shellshock. USM and OSSIM v.4.11 and lower are currently known to be vulnerable. Update to v4.11.1 to eliminate the vulnerability.

Note: When installed this update will show as v4.11.0.  The update was made to minimize the update necessary to the system.  Only the 'bash' and 'apt' packages are updated in the process.


Fixed Security Issues


  • ENG-97400 / ENG-97427 - Fixed Shellshock Bash vulnerability in the AlienVault appliance operating system
  • ENG-97391 - Fixed apt package vulnerability in the AlienVault appliance operating system

For more information on the security advisories related to this release, see here.



How to Verify The Update


Once the update is completed you can verify that the update is successful by following the steps below.
  1. Go to Configuration > Deployment
  2. Select (double click) the AV component from the list to see the details of that component
  3. Click on the number link next to the "Packages Installed" table item.  This will open up the package list.
  4. In the search button, type in "bash" (without the quotes).  This will display the bash package.
You should see "4.1-3+deb6u2" as the bash version.  If you see "4.1-3" it means it is not updated.
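
The same version check run from the appliance shell, as an added example that is not part of the original post or AlienVault's own tooling: it reads one row of `dpkg -l bash` output and compares the version with the fixed `4.1-3+deb6u2`. The function name `check_bash_line` and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Fixed bash package version named in the release note above.
FIXED_VERSION='4.1-3+deb6u2'

# check_bash_line ROW
# ROW is one package row from `dpkg -l bash` (status, name, version, description).
# Prints a verdict and returns 0 = patched, 1 = not updated, 2 = cannot tell.
check_bash_line() {
    # Split the row into its first three whitespace-separated fields.
    read -r status pkg ver rest <<EOF
$1
EOF
    pkg=${pkg%%:*}   # drop an architecture suffix such as ":amd64" if present

    # Only a row with status "ii" (installed, configured) describes the live package.
    if [ "$pkg" != bash ] || [ "$status" != ii ] || [ -z "$ver" ]; then
        echo "unknown: no installed bash package in this row"
        return 2
    fi

    if command -v dpkg >/dev/null 2>&1; then
        # Let dpkg apply Debian version ordering, so later fixes also pass.
        if dpkg --compare-versions "$ver" ge "$FIXED_VERSION"; then
            echo "patched: bash $ver"
            return 0
        fi
        echo "NOT updated: bash $ver is older than $FIXED_VERSION"
        return 1
    fi

    # Without dpkg (for example when reviewing saved output elsewhere),
    # recognise only the two versions the release note names.
    case $ver in
        "$FIXED_VERSION") echo "patched: bash $ver"; return 0 ;;
        4.1-3)            echo "NOT updated: bash $ver"; return 1 ;;
        *)                echo "unknown: bash $ver, compare by hand"; return 2 ;;
    esac
}

# Constructed sample rows in `dpkg -l` format. On an appliance, run instead:
#   check_bash_line "$(dpkg -l bash | tail -n 1)"
check_bash_line 'ii  bash  4.1-3+deb6u2  The GNU Bourne Again SHell'
check_bash_line 'ii  bash  4.1-3         The GNU Bourne Again SHell' || true
```
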


Comments

  • @jhansen, What was the extent and nature of the exposure? Was it directly in bash as an authenticated user (cli admin ) or was there remote exposure in the products?
  • Hi @iamfromit, the exposure for USM / OSSIM is pretty minimal from what we were able to tell.  Given the nature of the exposure, however, we felt it prudent to push the patch now instead of waiting a couple weeks for the next update.  If someone does come up with an exploit path I would love to know about it.  Regardless, it is a good idea to update and eliminate the risk.
     
  • How can we verify that we ran the update? I don't see any kind of validation or in the Threat database was updated?
  • Please check the bash package version. It should have been updated to 4.1-3deb6u2, which contains the fix:

    ii  bash                                4.1-3+deb6u2                    The GNU Bourne Again SHell
  • Yes. Got it.. It shows the bash version as "4.1-3+deb6u2". So this update is to patch USM not the USM capability to detect this CVE.. Am I correct?
  • For the Pro version, it does both, since it includes the directives that would alert on such attacks.  
  • @l3security,
    we updated the threat intelligence content on September 24th shortly after the bash vulnerability was published.  The threat intelligence update includes new IDS signatures and correlation directives to help detect exploits related to the vulnerability.  Separately, we updated the bash package (this notice) on the appliances to eliminate the vulnerability on the USM and OSSIM appliances.  If you do a full update you should get both the threat intelligence update and appliance update.
  • I had to upgrade my OSSIM 4.10 anoline
    And I see 4.11 version
    Not 4.11.1
    What is it?
  • @Barns, yeah that confused me also until you read the release note to the end:

    Note: When installed this update will show as v4.11.0.  The update was made to minimize the update necessary to the system.  Only the 'bash' and 'apt' packages are updated in the process.

  • @rmckee
    My fault :( sorry