Shellshock Bash Vulnerability

JM Aggie08

Any sysadmins in this subforum? How's everyone dealing with the most recent big scare?
 

Scarpozzi

I've not been all that worried about it because of the kind of exploit it is. If you're pretty locked down through port access and don't have a lot of remote users, you are probably ok. I think the fear is that some applications use bash to execute code on the server. If you lock down the file system that doesn't keep a hacker from changing environment variables (the exploit). That still doesn't allow them to necessarily write to the file system.

I patched about 40 systems last week and again over the weekend (normal patching schedule luckily came up this weekend anyhow)...

Just keep a watchful eye on any systems that grant web services bash privileges. There were a bunch of these coded in the early 2000s to move companies off old mainframes. Other than that, I'm not sure what applications would have those kinds of rights.
 

LCTSI

So far every time this comes up I just run

Code:
ansible all --sudo -m yum -a 'name=bash state=latest'

and then go expense food at Denny's.
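
Added example, not part of any post in this thread: after a patch rollout like the one above, one local check is whether bash now exports functions under the hardened `BASH_FUNC_` names introduced by the Shellshock-era patches, instead of as plain variables whose value starts with `() {`. The names `classify_fn_export` and `probe_fn` are made up for this example.

```shell
#!/bin/sh
# Added example: classify how a bash binary exports shell functions.
# classify_fn_export and probe_fn are hypothetical names for this sketch.
#
# Usage:  classify_fn_export /bin/bash
# Prints: hardened | legacy | unknown
#   hardened - exported functions live in BASH_FUNC_* variables, so an
#              ordinary variable's contents are no longer parsed as code
#   legacy   - functions are exported as NAME=() { ...; the pre-fix
#              encoding, so the package still needs updating
#   unknown  - the binary did not run or is not bash
classify_fn_export() {
    shell_bin=${1:-bash}

    # Define and export a harmless no-op function in the shell under
    # test, then dump the environment its child processes would see.
    env_dump=$("$shell_bin" -c 'probe_fn() { :; }; export -f probe_fn; env' 2>/dev/null) || {
        echo unknown
        return 2
    }

    if printf '%s\n' "$env_dump" | grep -q '^BASH_FUNC_probe_fn'; then
        echo hardened
        return 0
    elif printf '%s\n' "$env_dump" | grep -q '^probe_fn=() {'; then
        echo legacy
        return 1
    fi

    echo unknown
    return 2
}
```

The return code (0 hardened, 1 legacy, 2 unknown) lets a fleet tool flag hosts where the update did not take. It complements, and does not replace, checking the installed package version against the vendor advisory.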
 

Red Squirrel

Not sure what the above command does but yum update worked for me, may as well do a full system update at the same time. Fortunately distros were pretty quick to issue the patch and even older distros like CentOS 5 got it.

Mmm Denny's. Been a while since I've been to one. They have em down south and often are near the hotel.
 

KillerBee


Jodell88

> So the bash bug really has turned into the gift that keeps on giving
>
> They are up to 6 vulnerabilities:
> CVE-2014-6271
> CVE-2014-7169
> CVE-2014-7186
> CVE-2014-7187
> CVE-2014-6277
> CVE-2014-6278
>
> more redhat specific info here:
> https://access.redhat.com/articles/1200223
>
> Chet Ramey has put out new patches for the latest
> http://seclists.org/oss-sec/2014/q4/17
>
> good reading:
> http://lcamtuf.blogspot.de/2014/10/bash-bug-how-we-finally-cracked.html

This is a good thing IMO. Perhaps a security audit is in order, but the amount of eyes on the code right now is a good thing. :)
 

KillerBee

> This is a good thing IMO. Perhaps a security audit is in order, but the amount of eyes on the code right now is a good thing. :)

I agree with that :)

Though I'm sure there are plenty of systems holding all kinds of private data out there now - which don't get regularly patched.
 

JM Aggie08

We have a lot of heritage OS in our environment for various business needs...it's been an absolute fucking nightmare..
 

LCTSI

> Not sure what the above command does but yum update worked for me, may as well do a full system update at the same time. Fortunately distros were pretty quick to issue the patch and even older distros like CentOS 5 got it.
>
> Mmm Denny's. Been a while since I've been to one. They have em down south and often are near the hotel.

It's an automation command to yum update bash on all servers known to ansible. That's about 3200 linux servers for me.
 

KillerBee

> It's an automation command to yum update bash on all servers known to ansible. That's about 3200 linux servers for me.

3200! - That is impressive
What else do you use to manage that many servers?