Check out this thread: Shellshock (Bash vulnerability) audits with BSA, ADDM on how you can use BSA to address the Shellshock bug.
As for vulnerability, investigation is ongoing and a formal statement will be coming out soon, but (speaking for myself here) I would not think BMC products would be subject to this vulnerability. It's a problem with the bash shell on target systems, not with applications. We will certainly have to update products packaged as appliances as soon as the OS vendors release patches, but I would not expect much more to be necessary.
1 of 1 people found this helpful
Right - the issue would be the version of bash installed on the system - the problem is w/ bash itself, not the scripts that it runs. BSA does of course ship w/ a shell, based on zsh which does not seem to be vulnerable to this issue and it's simple to test.
the file would be to update the version of bash on the particular OS, so your OS vendor should be providing updated packages which can be deployed w/ bsa.