Bash 'shellshock' bug - READ THIS!

From sailpbx
Revision as of 09:56, 26 September 2014 by Adminwiki (talk | contribs) (Check)
Jump to: navigation, search

Background

A vulnerability in the bash scripting language was disclosed on 24/9/2014. You can read about it here

http://seclists.org/oss-sec/2014/q3/650

All SARK variants, except SARK500, built on or before 25/9/2014 have this vulnerability. To be certain, you should run the check below and apply the fix if necessary

Check

You can check your bash using the following command

env X="() { :;} ; echo busted" `which bash` -c "echo completed"

If the command returns the word "busted" then the bash version has the vulnerability.

To fix your SARK site do the following

FIX

all Debian releases

apt-get update
apt-get install bash

SME Server 8.0 based releases

yum update bash

Other releases

If you have an smeserver release prior to SME 8 then you must upgrade to smeserver 8.0 and apply the above update.