Shellshock vulnerability

FAQ: Are NComputing products affected by the Shellshock vulnerability?

We have reviewed all NComputing products to determine the impact for the issue described in CVE-2014-6271CVE-2014-7169CVE-2014-6277CVE-2014-6278CVE-2014-7186 and CVE-2014-7187 (also known as the Shellshock bug). 

NComputing software products by themselves do not embody the Shellshock vulnerability. 

However, NComputing software products leverage and run on 3rd party Linux OSs provided by the customer or distributed by NComputing as a Virtual Appliance that incorporates a 3rd party Linux operating system. Customers using NComputing software products on their 3rd party Linux OS images must update their Linux Operating System images in order to protect themselves from the Shellshock vulnerability described in CVE-2014-6271CVE-2014-7169CVE-2014-6277CVE-2014-6278CVE-2014-7186 and CVE-2014-7187

Linux vendors have issued security advisories for the newly discovered vulnerability including patching information. 

*Red Hat has updated its advisory for this vulnerability, noting that its initial patch is incomplete. 
If a patch is unavailable for a specific distribution of Linux, it is recommended that users switch to an alternative shell until one becomes available. 
Certain NComputing thin client products use an embedded version of 3rd party Linux OS. Only the NComputing N-Series and M-Series devices support bash. NComputing N-Series and M-Series thin clients are not vulnerable to the Shellshock bug unless root access to these devices is compromised. 

No other NComputing products are affected by the Shellshock bug. 

If you have any questions regarding this or other NComputing technical issues or concerns in your environment, please feel free to contact us or review additional self help technical content at the following link.

Article: 444  

REV 01/18

    • Related Articles

    • NComputing Health Monitor Server Vulnerability Patch

      This article is for vSpace Pro users who may be at risk from the Traversal Vulnerability in the Health Monitoring service. This cve does NOT effect our RX-HDX / CITRIX Platform devices CVE-2018-10201 – NComputing vSpace Pro Directory Traversal ...
    • FAQ: Are NComputing products affected by HeartBleed?

      We have reviewed NComputing products to determine the impact for the issue described in CVE-2014-0160 (also known as the Heartbleed bug) and determined that there is no exposure to the vulnerability described ...
    • Port Configuration for NComputing vSpace Products

      Use of this document This document will assist you with your port configuration for your environment's network, antivirus, firewall, and security software.  When not configured, some of the mentioned, can sometimes interfere with the initial ...
    • FAQ: VERDE 8.2 Frequently Asked Questions.

      VERDE 8.2 FAQs:   What’s new in VERDE 8.2? VERDE 8.2 is our latest VERDE-VDI offering and has been upgraded to use the latest Red Hat / CentOS QEMU-KVM modules for increased performance and hardware emulation capabilities.  This means that we are now ...
    • Where can I buy licenses for NComputing products and services?

      • Your NComputing reseller can provide license keys for NComputing products and services. Your local NComputing authorized partner can assist you by offering local currency payment, local language speaking consultation and help on this matter. We ...