Security Advisory Bash Code Injection Vulnerabilities (CVE-2014-7169/CVE-2014-6271)


RedHat released two security advisories regarding the Bash Code Injection Vulnerabilities (a.k.a “Shellshock”):


This is a critical vulnerability in the GNU bash shell, used by many UNIX/Linux operating systems. This flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system; the majority of Restorepoint appliances may be affected.


A patch for Restorepoint v4.5 is already available; please ensure that you update your appliance immediately, and that you are running at least v4.5 build 20140926:103212.

If your appliance is running Restorepoint v4.4 or earlier, please contact our Technical Support Team.

Restorepoint v4.5 now available

Restorepoint 4.5 introduces several new features and improvements, including:

Configuration Template Monitoring

We introduced the ability to push configuration templates to devices in Restorepoint v4, giving you the ability to standardise the way devices are built. In our new release, you will have the ability to continually monitor your devices to ensure they match your configuration templates, ideal for those who have to meet compliance standards.

Runtime Policies

If you’ve been using our Device Control scheduling feature to automatically send commands in bulk to multiple devices, in 4.5 you can also analyse the responses from the devices using Runtime Policies. This enables you to detect conditions like routing table mismatches or changes in status to a device that might not appear in the a configuration file.

Device Software Repository

Restorepoint gives you the ability to not only centralise and safeguard your network configurations, but also to store everything else you or your colleagues might need to help you configure or rebuild devices. Store software images, ISOs, firmware, or documentation for your devices in one place. This will replace the existing Firmware tab in the Restorepoint interface.

Enhanced Asset Details

Restorepoint captures more information from your devices so that you can easily display a devices network interfaces, routing tables, or licenses for example.

Compare Devices Update

Easily compare the configurations of different devices, right from the Device List.

Device Cloning

We’ve made it easier for you to copy the configuration of one device to another.

Generic Push Status

Restorepoint can alert you when a backup has not been uploaded when using our Generic plugins. If you’ve not used the Generic Plugins before, these allow you to manage configurations from systems or servers not natively supported by a Restorepoint device plugin.

Improved support for multi-file configurations

We’ve enhanced the way we display complex configurations which consist of multiple files, and have also added the ability to export individual files.

New device plugins including FireEye, QRadar, Indeni and SafeNet

Restorepoint announces the release of new device plugins that enable organisations to automate operations including Configuration Backup and Recovery, Compliance Analysis and to automate repetitive changes for:

  • A10 Networks
  • Balabit Shell Control Box (SCB)
  • Bluecoat Director, and Bluecoat AV appliances
  • Brocade VDX
  • FireEye
  • HP Blade System and HP Virtual Connect Manager
  • IBM QRadar
  • Indeni
  • SafeNet

“The release of these additional device plugins brings our supported vendor list to 53 vendors, making Restorepoint the most comprehensive platform for automating complex configuration management and compliance tasks” said Michael Bell, Restorepoint’s Director of Sales Operations. “Our device plugins are one of the unique aspects of the Restorepoint platform,  which sets us apart from other systems. When customers ask us to support a new device type, they can rely on the fact that we’re not simply providing them with a platform to run backup scripts, but have fully tested the recovery operations, making recovery a simple 1-step process, as well as collecting information from the devices that helps customers track and simplify management of their network assets.”

These latest device plugins are free and immediately available to Restorepoint customers. Evaluation licenses of Restorepoint including these new plugins are available at:

Heartbleed Bug Official Statement

The recently discovered Heartbleed bug (CVE-2014-0160) is a serious vulnerability in the popular OpenSSL cryptographic software library. This security flaw allows stealing of information protected normally protected by SSL/TLS.

Restorepoint does not use the offending implementation of OpenSSL in any of its appliances or servers. As a result, Restorepoint appliances and servers are not and were not at any time vulnerable to the Heartbleed bug.

New Restorepoint features available in February

Version 4.4 of Restorepoint will be released on the 10th of February, providing additional automation features and enhancements  This update will be delivered automatically to all customer appliances with a current license subscription.

In advance of the update we thought we’d highlight some of the new features:

  • Advanced discovery. In a busy network, devices are frequently added and sometimes get left behind when it comes to configuration backup. In Restorepoint 4.4. our updated discovery engine can find devices on the network, automatically import them and configure a backup schedule to save those all important configurations.
  • Schedule commands. Restorepoint’s ability to send commands to multiple devices has been enhanced, allowing you schedule tasks such as your monthly Check Point gateway password changes, or for monitoring changes to the routing tables of your Cisco routers. All commands sent to the devices, and the CLI responses from the devices are also recorded.
  • Provision faster with Templates: With our device templating feature you can easily provision or configure devices based on another devices configuration. This has now  been enhanced so that you can add a new device to Restorepoint and push the configuration template in a single action.

Other enhancements include:

  • Support for multiple NAT addresses; NAT addresses can now be configured globally, per-domain or per-device. This is useful for service providers or large enterprises, where there are multiple egress points from the network, or where both source- and destination-NAT are applied (service providers often use this to eliminate issues with non-unique address spaces)
  • Increased performance when unpacking and analysing large backup files
  • Improved SNMP implementation, including the new Restorepoint MIB and full SNMPv3 support
  • RADIUS improvements, including CHAP support
  • CIFS/NTLMv2 support for archives
  • Import/export users from CSV files
  • Storage utilisation reports
  • Easily find out whether a configurations was retrieved automatically, manually, or triggered by a real-time change
  • Under-the-hood enhancements, including optimised disk space utilisation and forward support for Restorepoint Version 5.

For more information, please contact our Support Team.

Cisco ACS v5 Now Supported

Restorepoint now supports Cisco Secure Access Control Server (ACS) version 5, deployed either on the hardware appliance (CSACS-1121 series or similar) or ACS virtual appliance.

Restorepoint backs up and restore the database (both ACS and ADE OS), the database password file, certificate store and, if required, the ADE OS configuration.

The previous ACS version 4 is also supported, via a separate plugin.

Please contact the Restorepoint Support Team for more information.

FortiGate Plugin Update

The Restorepoint FortiGate plugin has been updated to support SCP for backup and restoration. Wherever possible, for security reasons SCP should be used to backup FortiGate devices; SCP also avoids TFTP back-connections for file transfers. Note that SCP may need to be enabled in the FortiGate UI or CLI.

The SCP restoration method differs slightly depending on the FortiOS version, but Restorepoint will use the appropriate method for each firmware version.
Restorepoint supports FortiOS 3, 4 and 5.
Please contact the Restorepoint Support Team for more information.

Updated Cisco ASA Plugin Allows Zero-Downtime Restore

The Cisco ASA plugin now gives you the option to restore a configuration directly to the running configuration. This removes the need for reloading the device and therefore keeps downtime to a minimum.

The previous behaviour (restoring to the startup configuration) is still available.

Please contact the Restorepoint Support Team for more information.

Restorepoint 4.3

Version 4.3 of Restorepoint will be released on the 5th of June.  This update will be delivered automatically to all customer appliances with a current license subscription.

In advance of the update we’d thought we’d highlight some of the new features:

  • Brand new backup scheduling engine, with more granular options and improved automatic scheduling
  • New configurable retry policies and alert options following backup failures
  • Compliance Rules for device firmware, enabling you to detect devices with firmware that does not meet your security or compliance standards.
  • Firmware versions now detected and recorded for each backup
  • Offline appliance updates for restricted network environments
  • Improved support for devices with multiple configurations (e.g. stacks, virtual systems, contexts)
  • SFTP support added to the Generic Push Plugin
  • Enhanced Multi-Domain Management (Enterprise Edition)

This update will be delivered automatically to all customer appliances with a current license subscription. Please contact us to discuss any of the features or to discuss the upgrade process.