This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bash Version issue

Go to solution
marc_dub
Engaged Sweeper II

‎09-25-2014 02:01 PM

Due to the recent Bash vulnerability I am running reports but the Bash software version only displays 3.2 as an example but when we check locally the version is 3.2.25 why would this be displayed.

www.webroot.com
Labels:
0 Kudos
1 ACCEPTED SOLUTION
Go to solution
sukaitsu
Champion Sweeper

‎10-02-2014 09:39 PM

I wrote this SQL Query, and it helped us narrow down vulnerable machines.

Linux: ShellShock Vulnerable ()


Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tsysAssetTypes.AssetTypename,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblLinuxSystem.OSRelease,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName,
  tblLinuxSoftware.Version,
  tblLinuxSoftware.InstallDate,
  tblLinuxSoftware.LastChanged
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
    tblLinuxSoftware.SoftwareUniID
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where ((tblSoftwareUni.softwareName Like '%cgi%') Or
    (tblSoftwareUni.softwareName = 'bash' And
      DateDiff(day, tblLinuxSoftware.LastChanged, '2014-09-24') > 0)) And
  tblAssetCustom.State = 1 And tblAssets.Assettype = 11
Order By tblAssets.AssetName
Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com

View solution in original post

2 REPLIES 2
Go to solution
sukaitsu
Champion Sweeper

‎10-02-2014 09:39 PM

I wrote this SQL Query, and it helped us narrow down vulnerable machines.

Linux: ShellShock Vulnerable ()


Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tsysAssetTypes.AssetTypename,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblLinuxSystem.OSRelease,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName,
  tblLinuxSoftware.Version,
  tblLinuxSoftware.InstallDate,
  tblLinuxSoftware.LastChanged
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
    tblLinuxSoftware.SoftwareUniID
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where ((tblSoftwareUni.softwareName Like '%cgi%') Or
    (tblSoftwareUni.softwareName = 'bash' And
      DateDiff(day, tblLinuxSoftware.LastChanged, '2014-09-24') > 0)) And
  tblAssetCustom.State = 1 And tblAssets.Assettype = 11
Order By tblAssets.AssetName
Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com
Go to solution
sukaitsu
Champion Sweeper

‎10-01-2014 08:02 PM

Lansweeper's API uses # rpm -qa to gather the installed software on Linux assets. The result from that command is what gets populated into the database.
Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com
0 Kudos

Reports & Analytics

Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
li.common.scroll-to.top