Friday, September 26, 2014

CVE-2014-6271 Shellshock and Sonicwall IPS Signature gaffe?

If you manage a Sonicwall firewall, be aware that for some strange reason Sonicwall decided to make the signature for Shellshock a "Low" priority. If you've enabled IPS on your Sonicwall firewall and don't have "Prevent All" and "Detect All" checked for low-priority attacks, then you're not protected. WTH? The CVE and all reports mark it as high, 10/10, so why the hell would Sonicwall mark it as low?

If you don't want to check "Prevent All" and/or "Detect All" for low-priority signatures, you can still prevent Shellshock by searching for Signature ID 10529 and changing Prevention and Detection to Enable, which I recommend you do, like, yesterday.