The Bash vulnerability and how it affects the Snare product suite
All versions of the Snare Server prior to v6.3.5 are running a vulnerable version of Bash, known as the Shellshock vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7187, CVE-2014-7186) (http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html). If you are running a previous version, it is recommended that you upgrade your Snare Server to version 6.3.5 (released 29-SEP-2014) as soon as possible to ensure that your server is not affected by this vulnerability.
The risk level of vulnerable versions is low, as the Snare Server web server is not running a vulnerable server configuration, although other components (such as SSH) may have opened up the possibility for abuse. An ssh connection to a Snare Server will still require the authentication to be valid for the connecting user in attempting the exploit. Given a Snare Server command line access is usually restricted to the admin users only this issue would be a low risk activity. If customers have other users that have command line access to their Snare Servers then the likelihood of an attack is much greater. As per normal security practices all admin console access (web and SSH) to the Snare Server should be restricted to only users who require access as part of their job function.
v4 and v5 Snare Servers: For these customers who are unable to upgrade to v6, we recommend auditing your access controls to ensure only authorised access to the Snare Server. A hot fix is available for v4 and v5 Snare Servers. Please download from the Secure Area. A document on the hot fix is available here. If you cannot access the Secure Area then please see your Snare representative for support.
Please note that all Snare Agents are NOT affected by this Bash vulnerability.