Opto 22

43044 Business Park Drive, Temecula, CA 92590 USA
Local & outside the USA:(951) 695-3000
Toll-Free within the USA:(800) 321-6786
Fax: (951) 695-3095
Email: sales@opto22.com
 
KB84082
groov affected by the Shellshock bug in Bash
Revision:  1.0
Published:  9/29/2014
Applies To
GROOV-AR1
GROOV-AR1-SNAP
GROOV-AT1
GROOV-AT1-SNAP
Versions
Versions affected:  
All versions of groov Admin from 1.570.23 through 1.570.36
Problem is fixed in version:  
groov Admin 1.570.38

DESCRIPTION

groov uses a version of the Linux Bash shell that is subject to the Shellshock vulnerability. The groov system has multiple layers of defense to prevent exploitation of vulnerabilities such as Shellshock, and so far our tests have been unable to exploit the Shellshock vulnerability on groov. However, if the Shellshock vulnerability is exploited, it can be used to execute untrusted code on a groov Box.

What do you need to do?
Opto 22 has provided a groov Admin update that eliminates the Shellshock vulnerability. Follow these steps to install the update, and change the passwords:

  1. Go to manage.groov.com and obtain groov Admin update file 1.570.38.
    Under Details for your groov Box, click Show and download the groov Admin version 1.570.38 update file.
  2. Back up your groov Project
    In groov Build, choose File > Backup project to computer.
  3. Install the update file:
    a. In Admin, expand the System group on the left side, and then click groov Admin Configuration.
    b. Click Upgrade groov Admin.
    c. Click Choose File to locate the groov Admin software update file on your computer.
    d. Highlight the file, and click Open.
    e. Click Upgrade.
  4. Change the groov Admin administrative password.
    For the AR1, see form 2104, the groov Box User's Guide for GROOV-AR1.
    For the AT1, see form 2077, the groov Box User's Guide for GROOV-AT1.
  5. Change the groov App user passwords.
    See form 2027, the groov User's Guide.

WORKAROUND

There is no workaround. Upgrade to groov Admin 1.570.38.

RESOLUTION

Opto 22 has resolved this issue.

Relevant Downloads
No relevant downloads have been specified.
Questions? Contact Opto 22 Product Support.
Phone: 800-835-6786 or 951-695-3080
Email: support@opto22.com

DISCLAIMER

This Opto 22 Knowledge Base ('OptoKB') article is intended to provide general technical information on a particular subject or subjects and is not an exhaustive treatment of such subjects. Accordingly, the information in this OptoKB article is not intended to constitute application, design, software, or other professional engineering advice or services. Opto 22 may modify the OptoKB articles at any time. Before making any decision or taking any action which might affect your equipment, you should consult a qualified professional.

OPTO 22 DOES NOT WARRANT THE COMPLETENESS, TIMELINESS, OR ACCURACY OF THE DATA CONTAINED IN THIS OPTOKB ARTICLE AND MAY MAKE CHANGES THERETO AT ANY TIME AT ITS SOLE DISCRETION WITHOUT NOTICE. FURTHER, ALL INFORMATION CONVEYED HEREBY IS PROVIDED TO USERS 'AS IS.' IN NO EVENT SHALL OPTO 22 BE LIABLE FOR ANY DAMAGES OF ANY KIND INCLUDING DIRECT, INDIRECT INCIDENTAL, CONSEQUENTIAL, LOSS PROFIT, OR DAMAGE, EVEN IF OPTO 22 HAS BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGES.

OPTO 22 DISCLAIMS ALL WARRANTIES WHETHER EXPRESSED OR IMPLIED WITH RESPECT TO THE INFORMATION (INCLUDING HARDWARE, SOFTWARE, AND/OR FIRMWARE) PROVIDED HEREBY, INCLUDING THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTIBILITY, AND NON-INFRINGEMENT. Note that certain jurisdictions do not sanction the exclusion of implied warranties: thus, this disclaimer may not apply to you.

Copyright © 2016 Opto 22. All rights reserved.

My.Opto22

All Opto22

Request Information
  • FREE Product Brochure
  • Product Demonstration
  • PreSales Engineering Assistance

Opto 22 Product Support

Opto 22 Product Support is FREE Monday through Friday 7 a.m. to 5 p.m. Pacific Time

Product Support Numbers:

Local: (951) 695-3080
Toll-Free: (800) 835-6786
Fax: (951) 695-3017
support@opto22.com

Products

None

Downloads

None

Documents

None