Is Netreo vulnerable to the ShellShock BASH exploit?

In September 2014, the vulnerability CVE-2014-6271 (also known as Shellshock) was discovered in the BASH operating system shell used in most or all versions of Linux (as well as Mac OS X). Netreo evaluated this vulnerability and determined that our products are NOT vulnerable to this exploit. Although the affected version of BASH was present in the version of Linux used by Netreo, Netreo uses advanced forms of access security to protect the system from intrusion, and does not use CGI, making it effectively impossible to exploit this vulnerability.

Netreo has also released a patch to remove any possibility of this exploit being exposed in the future.

In practice, the risk of this type of exploit for Netreo customers is very low anyway, as Netreo is typically deployed behind the customer firewall and is not publicly accessible to outside attackers. Netreo also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the Netreo Appliance Security page for more information.

If you have any concerns, please feel free to contact Netreo Support.