Is the k1000 or the k2000 vulnerable to the Shell Shock Vulnerability in bash?

A high risk vulnerability was disclosed on September 24, 2014 by the National Institute of Standards and Technology (NIST) that could result in sensitive information being leaked by exploiting a flaw in GNU Bash. Details of this vulnerability, which has been dubbed the ‘Bash flaw’ or ‘Shell Shock’, can be referenced in the NIST CVE-2014-6271.

3 Comments   [ + ] Show Comments


  • Yes, I would like to know about possible Kace vulnerabilities as well in regards to Shell Shock/BASH Flaw.
  • What is the likely hood of older versions being updated? we're still running 5.3 code train.
    • Looks like 5.5 and up only.
  • Just saw they released k1000 6.2, but it does not appear to address anything related to the bash exploit:
Please log in to comment

Community Chosen Answer

Hotfix posted within the last couple of hours:
Answered 10/03/2014 by: jones948
Orange Senior Belt

  • This says otherwise: "Note: Once this hotfix has been applied. reboot the server from the maintenace page."
    • Hmm. That wasn't up when I posted and I was just going off of the fact that the hotfix itself did not reboot the server.
Please log in to comment


Good question. I submitted a ticket with support this morning to find out the answer. Our Secureworks appliance started picking up external scans hitting our K1 this week (GNU Bash Environment Variable Code Injection attempt)

Official link here:
Answered 09/26/2014 by: Asevera
Blue Belt

  • Thanks for posting this. I was also glad to see the notice was also pushed to my kbox via the Latest News section; good job dell!
Please log in to comment

I have an answer from Support:

The KACE appliances are vulnerable to this exploit

 "Our engineers are working on this as a top priority and Iwill follow up as soon as there is any official information.

A hotfix is under development for this issue and I willadvise you the moment it is ready. "

Answered 09/26/2014 by: ms01ak
Tenth Degree Black Belt

  • Did they indicate kboxes should be taken offline?
Please log in to comment
Does Dell have any solution to roll out a fix for this vulnerability?

Answered 09/26/2014 by: hjansari
Fourth Degree Green Belt

Please log in to comment
Answer this question or Comment on this question for clarity