Bash Vulnerability – shell shock fix

You may be aware that overnight a vulnerability was discovered that affects all Unix / Linux based operating systems that use the bash shell.

The details of this can be found at: https://access.redhat.com/articles/1200223

A vulnerability is just that. It can makes the system vulnerable to an exploit in certain scenarios but it does not mean that any Linux based system that uses bash has been or may have been exploited.

From details of the exploit we see that the way in which the SME appliance could have been affect is as follows:

Bug affecting Apache httpd server

Specifics of how it can affect:

“CGI scripts are likely affected by this issue: when a CGI script is run by the web server, it uses environment variables to pass data to the script. These environment variables can be controlled by the attacker. If the CGI script calls Bash, the script could execute arbitrary code as the httpd user. mod_php, mod_perl, and mod_python do not use environment variables and we believe they are not affected”

As the SME system uses user mod_cgi only with perl and does not spawn a shell it is not affected by this bug.

Bug Affecting Secure Shell

Secure Shell (SSH) is also affected if users can access the system over SSH and launch a bash shell. This is unlikely as if SSH access is unauthorised it is likely the system is compromised in any case.

We have already patched our own sites and IaaS instances when the bug was discovered and notified customers. If you are running a trial or any other version of the SME Appliance you can update the bash shell to remove the vulnerability using the below instructions:

What you should do to patch your Appliance

Log in as smeconfiguser
#after login su as root (if you do not have the superuser password please contact support@storagemadeeasy.com)
yum update bash

This will update the bash shell and remove the vulnerability.

If you have any questions or need any further help do not hesitate to contact support.

**Update 26th September**

With regards to this entry, posted yesterday, as Redhat has in the early AM released a further new patch with regards to ShellShock you should again update your SME Appliance with this patch.

To do this:

Log in as smeconfiguser
#after login su as root (if you do not have the superuser password please contact support@storagemadeeasy.com)
yum clean all
yum update bash

This will update the bash shell with the new patch.

It is possible that further patches will be released and you should monitor the situation from the below link to check if further patches are released and should be applied.

https://access.redhat.com/articles/1200223

From our side we have checked the SME Appliance and even though we do not believe we are affected by Shellshock, it is good security practice to have the latest patch given what was discovered and we strongly recommend to apply the further patch.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather
The following two tabs change content below.
The Leading Enterprise File Share and Sync Solution

Leave a Reply

Your email address will not be published. Required fields are marked *