Bash 'shellshock' bug - READ THIS!

From sailpbx

Revision as of 08:49, 26 September 2014 by Adminwiki (talk | contribs) (→‎Background)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Contents

1 Background
2 FIX

Background

A vulnerability in the bash scripting language was disclosed on 24/9/2014. You can read about it here

http://seclists.org/oss-sec/2014/q3/650

All SARK variants, except SARK500, shipped on or before 25/9/2014 have this vulnerability.

You can check any bash on any site using the following command

env X="() { :;} ; echo busted" `which bash` -c "echo completed"

If the command returns the word "busted" then the bash version has the vulnerability.

To fix your SARK site do the following

FIX

all Debian releases

apt-get update
apt-get install bash

SME Server 8.0 based releases

yum update bash

Other releases

If you have an smeserver release prior to SME 8 then you must upgrade to smeserver 8.0 and apply the above update.

Retrieved from ‘http://sailpbx.com/mediawiki/index.php?title=Bash_%27shellshock%27_bug_-_READ_THIS!&oldid=2375’