Security Advisory Bash Code Injection Vulnerabilities (CVE-2014-7169/CVE-2014-6271)

Background

RedHat released two security advisories regarding the Bash Code Injection Vulnerabilities (a.k.a “Shellshock”):

https://access.redhat.com/security/cve/CVE-2014-6271
https://access.redhat.com/security/cve/CVE-2014-7169

Impact

This is a critical vulnerability in the GNU bash shell, used by many UNIX/Linux operating systems. This flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system; the majority of Restorepoint appliances may be affected.

Remediation

A patch for Restorepoint v4.5 is already available; please ensure that you update your appliance immediately, and that you are running at least v4.5 build 20140926:103212.

If your appliance is running Restorepoint v4.4 or earlier, please contact our Technical Support Team.

Advertisements

Restorepoint v4.5 now available

Restorepoint 4.5 introduces several new features and improvements, including:

Configuration Template Monitoring

We introduced the ability to push configuration templates to devices in Restorepoint v4, giving you the ability to standardise the way devices are built. In our new release, you will have the ability to continually monitor your devices to ensure they match your configuration templates, ideal for those who have to meet compliance standards.

Runtime Policies

If you’ve been using our Device Control scheduling feature to automatically send commands in bulk to multiple devices, in 4.5 you can also analyse the responses from the devices using Runtime Policies. This enables you to detect conditions like routing table mismatches or changes in status to a device that might not appear in the a configuration file.

Device Software Repository

Restorepoint gives you the ability to not only centralise and safeguard your network configurations, but also to store everything else you or your colleagues might need to help you configure or rebuild devices. Store software images, ISOs, firmware, or documentation for your devices in one place. This will replace the existing Firmware tab in the Restorepoint interface.

Enhanced Asset Details

Restorepoint captures more information from your devices so that you can easily display a devices network interfaces, routing tables, or licenses for example.

Compare Devices Update

Easily compare the configurations of different devices, right from the Device List.

Device Cloning

We’ve made it easier for you to copy the configuration of one device to another.

Generic Push Status

Restorepoint can alert you when a backup has not been uploaded when using our Generic plugins. If you’ve not used the Generic Plugins before, these allow you to manage configurations from systems or servers not natively supported by a Restorepoint device plugin.

Improved support for multi-file configurations

We’ve enhanced the way we display complex configurations which consist of multiple files, and have also added the ability to export individual files.

New Restorepoint features available in February

Version 4.4 of Restorepoint will be released on the 10th of February, providing additional automation features and enhancements  This update will be delivered automatically to all customer appliances with a current license subscription.

In advance of the update we thought we’d highlight some of the new features:

  • Advanced discovery. In a busy network, devices are frequently added and sometimes get left behind when it comes to configuration backup. In Restorepoint 4.4. our updated discovery engine can find devices on the network, automatically import them and configure a backup schedule to save those all important configurations.
  • Schedule commands. Restorepoint’s ability to send commands to multiple devices has been enhanced, allowing you schedule tasks such as your monthly Check Point gateway password changes, or for monitoring changes to the routing tables of your Cisco routers. All commands sent to the devices, and the CLI responses from the devices are also recorded.
  • Provision faster with Templates: With our device templating feature you can easily provision or configure devices based on another devices configuration. This has now  been enhanced so that you can add a new device to Restorepoint and push the configuration template in a single action.

Other enhancements include:

  • Support for multiple NAT addresses; NAT addresses can now be configured globally, per-domain or per-device. This is useful for service providers or large enterprises, where there are multiple egress points from the network, or where both source- and destination-NAT are applied (service providers often use this to eliminate issues with non-unique address spaces)
  • Increased performance when unpacking and analysing large backup files
  • Improved SNMP implementation, including the new Restorepoint MIB and full SNMPv3 support
  • RADIUS improvements, including CHAP support
  • CIFS/NTLMv2 support for archives
  • Import/export users from CSV files
  • Storage utilisation reports
  • Easily find out whether a configurations was retrieved automatically, manually, or triggered by a real-time change
  • Under-the-hood enhancements, including optimised disk space utilisation and forward support for Restorepoint Version 5.

For more information, please contact our Support Team.

7 New Device Plug-ins released enabling customers to automate more network infrastructure

Woking, UK – 13th December 2012
Restorepoint announces the release of new Device Plug-ins that enable organisations to Automate Configuration Backup, Recovery and Compliance for:

  • McAfee Firewall Enterprise (formerly Sidewinder)
  • PineApp Mail-SeCure
  • Radware Alteon
  • Radware LinkProof
  • SEPPmail – Email Security Appliances
  • Sonus Tenor DX VoIP Switches (formerly Quintum)
  • Trend Micro InterScan Web Security Virtual Appliance

“The release of these latest device plug-ins expands our capabilities once again, and therefore the support we offer to our customers.” said Michael Bell, Restorepoint’s Director of Sales Operations. “Saying you have a Resilient network is not proof that can actually recover following an outage. Restorepoint gives organisations that confidence by automating and centralising configuration backup and providing a unified 3-Click recovery process for over 40 vendors.”

These latest device plug-ins are free and immediately available to Restorepoint customers. Evaluation licenses of Restorepoint including these new plug-ins are available at: http://www.restorepoint.com/evaluate.

About Restorepoint
The Restorepoint platform is a cost effective solution that helps increase network availability, maintain network SLAs and compliance standards by simplifying and automating time consuming network operations.

Restorepoint is a brand name of TADASoft, the market leaders in network configuration management for complex multi-vendor networks. Restorepoint enables organisations to meet their business continuity and compliance requirements by automating time consuming processes such as network configuration backup, configuration change tracking, compliance monitoring and remediation. All of this is achieved using an intuitive, secure and vendor-independent platform, without the need for connecting to each device using proprietary command-line interfaces, vendor-specific consoles, or custom scripts.

Customers around the world trust in Restorepoint to reduce administration overheads, enhance security, enable compliance, and reduce the impact and cost of downtime.

For more information visit http://www.restorepoint.com.