IBM Support

QRadar: How to detect Daily Vulnerability Update: CVE-2014-6172

Question & Answer


Question

Can QRadar Vulnerability Manager detect systems vulnerable to CVE-2014-6172 (Shellshock Bash Vulnerability)?

Answer

Yes, the QRadar daily auto update has been released and includes signatures for detecting the Bash vulnerability for CVE-2014-6172 (Shellshock). The daily auto update for QRadar Vulnerability Manager adds the vulnerability to the vulnerability database, along with a series of detection tools (patch, authenticated check, unauthenticated check). Customers who want to retrieve the latest updates can force an automatic update from the Admin tab of QRadar.


Procedure
Most administrators can use the Get New Updates button to retrieve the latest auto updates.

  1. Log in to the QRadar Console as an administrator.
  2. Click the Admin tab.
  3. Click the Auto Update icon.
  4. Click Get New Updates.

If the auto update system for your QRadar appliance has already run today, the administrator might want to force the system to check again for all available updates. To force an update, the administrator can run the following commands:

  1. Using SSH, log in to the Console as the root user.
  2. Navigate to the following directory: cd /opt/qradar/bin.
  3. Run each of the following commands to clear the auto update timestamps for each download category.
    • ./UpdateConfs.pl -ds lastpatch 0
    • ./UpdateConfs.pl -ds lastwau 0
    • ./UpdateConfs.pl -ds lastdau 0
  4. Log in to the QRadar user interface as an admin user.
  5. Click the Admin tab.
  6. Click the Auto Update icon.
  7. Click Get New Updates.




Document Information

Modified date: 21 June 2018

UID: swg21685515