
TPAM Product Notification


Critical Product Notification

Product: TPAM
Version: 2.3.761-2.5.912

Problem

A critical security vulnerability has been identified in the TPAM appliance as a result of the discovery of the ShellShock vulnerability (CVE-2014-6271).

How does this affect TPAM?

The TPAM appliance contains a Linux subsystem that provides services required to manage the diverse range of target platforms that are supported.  This subsystem includes the Bash shell that has recently been discovered to contain a critical vulnerability, causing a possible security exposure to TPAM on v2.3.761 through v2.5.912.  The exposure is limited to a small subset of authenticated users and is limited in scope, but is critical nonetheless.  If successfully compromised, this could lead to the disclosure of potentially sensitive information contained within the product.

Workaround

The only effective permanent solution is to patch the system, which removes this particular vulnerability entirely. Please see details below.

Status

Version-specific patches are available to correct this vulnerability and should be applied as soon as possible to all instances of TPAM which are potentially impacted.  These patches eliminate the vulnerable component in the Linux subsystem of TPAM without modifying the behavior of the application.

Versions 2.3 & 2.4

Hotfix_6764 has been released to correct this vulnerability.  It should be applied as soon as possible to all TPAM appliances running versions 2.3.761 to 2.4.804.

If you upgrade from a 2.3 or 2.4 version to any other 2.3 or 2.4 version, you must reapply hotfix 6764 to ensure the vulnerability is removed.

If upgrading from 2.4 to 2.5 please see below.

Versions 2.5

Hotfix_6763 has been released to correct this vulnerability.  It should be applied as soon as possible to all TPAM appliances running versions 2.5.904 to 2.5.912.

If you upgrade from an older version to a version that is 2.5.912 or below, the 6763 hotfix must be reapplied to ensure the vulnerability is removed.  However, if upgrading to version 2.5.913 or greater, the patch will be included and there is no need to reapply it.

As an example:

An upgrade from 2.5.904 to 2.5.913: no patch is required, as 2.5.913 contains the vulnerability patch.

An upgrade from 2.5.904 to 2.5.912: the patch must be installed again after the 2.5.912 upgrade is complete.
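
The upgrade rules above can be checked across an inventory of appliances. The following Python code is an added example, not part of the original notification or the vendor's tooling; it encodes only the version ranges and hotfix names stated here, and the function names, result labels and sample inventory are assumptions made for illustration.

```python
import re

# Inclusive version ranges and hotfix names, taken from the notification.
HOTFIX_RANGES = [
    ((2, 3, 761), (2, 4, 804), "Hotfix_6764"),
    ((2, 5, 904), (2, 5, 912), "Hotfix_6763"),
]
FIRST_FIXED = (2, 5, 913)                  # fix ships in the build from here on
AFFECTED = ((2, 3, 761), (2, 5, 912))      # "Product Version" range in the notice


def parse_version(text):
    """Turn '2.5.912' or 'v2.5.912' into the comparable tuple (2, 5, 912)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised TPAM version: {text!r}")
    return tuple(int(part) for part in m.groups())


def required_hotfix(version):
    """Hotfix to (re)apply on an appliance that is now running `version`.

    The notice requires re-applying the hotfix after any upgrade that lands
    below 2.5.913, so only the build you end up on matters.
    Labels other than hotfix names are this example's own (hypothetical):
      "none"       - 2.5.913 or later
      "unmapped"   - inside the affected range, but in neither hotfix range
      "not-listed" - older than the affected range stated in the notice
    """
    v = parse_version(version)
    if v >= FIRST_FIXED:
        return "none"
    for first, last, hotfix in HOTFIX_RANGES:
        if first <= v <= last:
            return hotfix
    if AFFECTED[0] <= v <= AFFECTED[1]:
        return "unmapped"
    return "not-listed"


def audit(inventory):
    """Map appliance name -> action for a {name: version} inventory."""
    return {name: required_hotfix(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: appliance names are made up for the example.
    fleet = {"tpam-a": "2.4.804", "tpam-b": "2.5.912", "tpam-c": "2.5.913"}
    for name, action in audit(fleet).items():
        print(f"{name}: {action}")
```

A result of "unmapped" means the build lies inside the affected range but this notification names no hotfix for it, so it needs to be raised with support rather than assumed safe.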

To download hotfix 6763 and 6764, please log in to the Dell TPAM Appliance Portal:

https://hq01.e-dmzsecurity.com/edmzcust/

Questions or comments

If you have any questions or comments, please log a request using our Manage Service Request tool or see the Contact Support page for other contact methods available.


Thank You,
One Identity