Bash 'shellshock' bug - READ THIS!

From Pbxwiki

Jump to: navigation, search

Contents

Background

A vulnerability in the bash scripting language was disclosed on 24/9/2014. You can read about it here

http://seclists.org/oss-sec/2014/q3/650

All SARK variants, except SARK500, built on or before 25/9/2014 have this vulnerability. To be certain, you should run the check below and apply the fix if necessary

Check

You can check your bash using the following command

env X="() { :;} ; echo busted" `which bash` -c "echo completed"

If the command returns the word "busted" then the bash version has the vulnerability.

To fix your SARK site do the following

FIX

all Debian releases (including SARK200)

apt-get update
apt-get install bash

SME Server 8.0 based releases

yum update bash

Other releases

If you have an smeserver release prior to SME 8 then you must upgrade to smeserver 8.0 and apply the above update.

Personal tools