X
    Categories Company News

AppNeta Response to “Shell Shock” Bash Vulnerability

AppNeta no longer blogs on DevOps topics like this one.

Feel free to enjoy it, and check out what we can do for monitoring end user experience of the apps you use to drive your business at www.appneta.com.

[UPDATE Thursday September 25th 2014 23:59 ET]

This is a progress update to notify all users that remote Appliance patching is underway. Once completed the Appliance build should read 7.9.0.11818 or greater.

IMPORTANT:

For those Appliances with Upgrade Type set to Manual or Scheduled, you must upgrade yourself to ensure protection from this vulnerability

[UPDATE Thursday September 25th 2014 21:39 ET]

AppNeta Engineering has applied a further round of updates across all hosted services (TraceView, PathView, FlowView, AppView) relative to the most recent updates available (see here for package info).

The team is also very close to release for a patch that addresses remote AppNeta appliances.  As soon as it is available it will be released. For customers who have appliance upgrades set as “managed” they will be automatically updated. Other customers will see in-application notifications that updates are available. The updates will happen on the regular schedule or can be manually applied.

A security vulnerability disclosed yesterday (Wed, Sept. 24) in bash, a common Linux command-line environment, allows remote code execution to occur on affected machines.  As the majority of AppNeta’s infrastructure is hosted on Linux machines running affected bash versions, our ops team took immediate action to patch affected systems and inspect for intrusion.

As of 3pm ET 9/25/14, we have patched all of our SaaS-hosted instances.  No intrusions were detected.  A forthcoming update will address potential vulnerabilities in deployed micro-appliances.  Read on for more information on detailed status.

The team is watching closely as this issue evolves and will take any necessary subsequent steps to continue to ensure protection from this and related issues.  Updates will be added to this post.

AppNeta TraceView

AppNeta Engineering has taken the necessary steps to ensure that the TraceView service is not vulnerable to this issue.

PathView, FlowView, AppView

AppNeta Engineering  has taken the necessary steps to ensure that the PathView Cloud public service is not vulnerable to this issue. The team is also working to release a patch for our appliances and expect that to be available in 1-2 days. As soon as it is available it will be released. For customers who have appliance upgrades set as “managed” they will be automatically updated. Other customers will see in-application notifications that updates are available. The updates will happen on the regular schedule or can be manually applied.

Private Cloud Appliance (PCA)

AppNeta Customer Care team is working closely with our engineering team to get a patch to all of our PCA customers as soon as possible. Customer Care will be in touch when this is available.

Please contact support@appneta.com with any questions.  Stay safe!

Dan Kuebrich: Dan Kuebrich is a web performance geek, currently working on Application Performance Management at AppNeta. He was previously a founder of Tracelytics (acquired by AppNeta), and before that worked on AmieStreet/Songza.com.