Bash 'shellshock' bug - READ THIS!

From sailpbx
Revision as of 10:00, 26 September 2014 by Adminwiki (talk | contribs) (FIX)

Background

A vulnerability in the bash shell was disclosed on 24/9/2014. You can read about it here:

http://seclists.org/oss-sec/2014/q3/650

All SARK variants, except SARK500, built on or before 25/9/2014 have this vulnerability. To be certain, you should run the check below and apply the fix if necessary.

Check

You can check your bash using the following command:

env X="() { :;} ; echo busted" `which bash` -c "echo completed"

If the command returns the word "busted" then the bash version has the vulnerability.
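The same check in scripted form, so it can be run before and after the fix and give an exit status (an added example, not part of the original page; the function names check_bash and audit_bash are hypothetical):

```shell
#!/bin/sh
# Added example: wraps the page's probe so the result is an exit status.
# check_bash and audit_bash are hypothetical names, not SARK tools.

# check_bash PATH
#   returns 0 if PATH ignored the trailing command (patched)
#   returns 1 if PATH printed "busted" (vulnerable)
#   returns 2 if PATH is not executable or gave no usable output
check_bash() {
    target=$1
    [ -x "$target" ] || return 2
    # Same probe as the command above: a function definition in X
    # followed by a trailing command. stderr is discarded so only the
    # probe's stdout is classified.
    out=$(env X='() { :;} ; echo busted' "$target" -c 'echo completed' 2>/dev/null) || true
    case $out in
        *busted*)    return 1 ;;
        *completed*) return 0 ;;
        *)           return 2 ;;
    esac
}

# audit_bash [PATH...]
#   checks each given binary (default: the bash found on PATH), prints
#   one line per binary, and returns 1 if any of them is vulnerable.
audit_bash() {
    [ $# -gt 0 ] || set -- "$(command -v bash)"
    worst=0
    for shell_path in "$@"; do
        rc=0
        check_bash "$shell_path" || rc=$?
        case $rc in
            0) echo "$shell_path: patched" ;;
            1) echo "$shell_path: VULNERABLE, apply the fix below"
               worst=1 ;;
            *) echo "$shell_path: could not run the check" ;;
        esac
    done
    return $worst
}
```

Call audit_bash with no arguments to test the bash on PATH, or pass explicit paths such as /bin/bash when more than one copy is installed.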

To fix your SARK site, do the following:

Fix

All Debian releases (including SARK200)

apt-get update
apt-get install bash

SME Server 8.0 based releases

yum update bash

Other releases

If you have an smeserver release prior to SME 8 then you must upgrade to smeserver 8.0 and apply the above update.