CentOS/RH fix not 100% complete and you'll have to do this again. Also check if your web servers are running CGI scripts as bash scripts ... this is a bigger problem in general as it's prone to all sorts of abuse.
--
Martin Hepworth, CISSP
Oxford, UK

On 25 September 2014 13:30, Paul Stenning <p...@sp-tech.co.uk> wrote:

> Hi all,
>
> Please be aware of a serious security vulnerability that has been discovered in BASH.
>
> I received notification of this from a web hosting company I use regarding CentOS but it applies to all Linux distros. Please update ASAP, especially web servers etc.
>
> Below is the message they sent to all customers which contains more info.
>
> Paul
>
> ----
>
> Hello,
>
> This message is being sent in order to make you aware of a recently discovered serious security vulnerability within the BASH shell environment which exists on almost every Linux-based server. The severity of this vulnerability is high, with multiple exploit vectors which may not require any level of privileged access to the system.
>
> We are taking this unusual step of emailing all customers directly, because of the wide-reaching impact.
>
> Vendor updates have been released for all Redhat Enterprise Linux, CentOS and CloudLinux distributions.
>
> ** All UKDedicated managed servers will be automatically updated **
>
> If your servers are unmanaged, then it is absolutely essential that you ensure your servers are fully updated. Use the yum package manager to update and protect against exploitation of this vulnerability.
>
> To ensure all packages on your systems are fully updated, run the following command from a root SSH session:
>
>     yum -y update
>
> This will update all packages on your system without further prompts. You must maintain your SSH session for the duration of the update.
>
> If you only wish to update the bash packages:
>
>     yum -y update bash
>
> Again, this will update without further prompts. You must maintain your SSH session for the duration of the update.
>
> If you run cPanel, and are not familiar with the command line process, you can use the ‘Update System Software’ function in WHM to update all packages.
>
> Updating packages is all that is required; you do not need to reboot your server.
>
> Please note that in all of the above examples, if your server has already updated itself automatically then you will be told that no updates are available - this is an indication that you are already updated. If you wish to ensure you have the updated package then please check the package version from a root SSH session using:
>
>     rpm -q bash
>
> The updated version depends on the operating system you’re running; details of the updated packages for CentOS versions are below:
>
>     CentOS-5: bash-3.2-33.el5.1
>     CentOS-6: bash-4.1.2-15.el6_5.1
>     CentOS-7: bash-4.2.45-5.el7_0.2
>
> For further reading, please see:
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> At the time of writing this website was intermittently offline; you can see a cached version via Google cache:
> http://webcache.googleusercontent.com/search?q=cache:https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> If you have any questions regarding this notification, please email helpd...@support.ukdedicated.com
>
> Regards,
>
> UKDedicated Support
>
> --
>
> *Paul Stenning*
> S&P Technology
> Box 170, 89 Commercial Road, Bournemouth, BH2 5RR
>
> p...@sp-tech.co.uk
> www.sp-tech.co.uk
>
> --
> Next meeting: Bournemouth, Tuesday, 2014-10-07 20:00
> Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
> New thread on mailing list: mailto:dorset@mailman.lug.org.uk
> How to Report Bugs Effectively: http://goo.gl/4Xue
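Added example, not from the thread: a Python check that compares a line of `rpm -q bash` output (the sample lines below are constructed) against the three CentOS versions quoted in the notice, using a simplified port of rpm's rpmvercmp with no `~`/`^` handling. Since the reply above says the CentOS/RH fix was not complete, treat a match as the floor the notice set, not as the final word.

```python
import re
import sys

# Fixed versions exactly as quoted in the UKDedicated notice, by CentOS major.
FIXED_BASH = {
    5: "bash-3.2-33.el5.1",
    6: "bash-4.1.2-15.el6_5.1",
    7: "bash-4.2.45-5.el7_0.2",
}
# `rpm -q` on CentOS 6/7 appends the architecture; the notice omits it.
ARCH_SUFFIX = re.compile(r"\.(x86_64|i[3-6]86|noarch)$")
SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")

def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing version/release strings rpm-style (simplified)."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):            # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1   # whichever has segments left over wins

def check_bash(rpm_output):
    """Parse one `rpm -q bash` line; return (centos_major, nvr, at_or_above_fixed)."""
    nvr = ARCH_SUFFIX.sub("", rpm_output.strip())
    _, version, release = nvr.rsplit("-", 2)
    m = re.search(r"\.el(\d+)", release)    # CentOS major comes from the release tag
    if not m or int(m.group(1)) not in FIXED_BASH:
        raise ValueError("not a CentOS 5/6/7 bash package: %r" % rpm_output)
    major = int(m.group(1))
    _, fixed_version, fixed_release = FIXED_BASH[major].rsplit("-", 2)
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return major, nvr, cmp >= 0

# Constructed sample lines: one older than the notice's version, one matching it.
SAMPLES = ["bash-4.1.2-14.el6.x86_64", "bash-4.1.2-15.el6_5.1.x86_64"]

if __name__ == "__main__":
    # Pass the real `rpm -q bash` line as an argument; otherwise the samples run.
    for line in sys.argv[1:] or SAMPLES:
        major, nvr, ok = check_bash(line)
        verdict = "at or above notice version" if ok else "older, run: yum -y update bash"
        print("CentOS %d: %s -> %s" % (major, nvr, verdict))
```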