September 26, 2014

Security Advisory: Shellshock Bug with Linux Servers

An advisory (CVE-2014-6271) has been released regarding a newly discovered bug affecting GNU Bash on Linux-based systems, also known as the Shellshock bug or vulnerability. According to research, the bug could be used to remotely take control of a system that uses Bash, which is a component of many Linux systems. For additional information, please view the following: https://access.redhat.com/articles/1200223. Microsoft Windows is not affected by this vulnerability.

How to determine if your server is vulnerable?

What this means is that any server running an older version of the software is vulnerable. To check whether your Red Hat server is vulnerable, log into the server and run the following:

rpm -qa bash

If the version is one of those listed below, your server is considered patched:

RHSA-2014:1293

  • Red Hat Enterprise Linux 7 – bash-4.2.45-5.el7_0.2
  • Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1
  • Red Hat Enterprise Linux 5 – bash-3.2-33.el5.1

RHSA-2014:1294

  • Red Hat Enterprise Linux 4 Extended Lifecycle Support – bash-3.0-27.el4.2
  • Red Hat Enterprise Linux 5.6 Long Life – bash-3.2-24.el5_6.1
  • Red Hat Enterprise Linux 5.9 Extended Update Support – bash-3.2-32.el5_9.2
  • Red Hat Enterprise Linux 6.2 Advanced Update Support – bash-4.1.2-9.el6_2.1
  • Red Hat Enterprise Linux 6.4 Extended Update Support – bash-4.1.2-15.el6_4.1
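
The comparison against the lists above can be scripted. The following is an added example, not part of the original advisory: a POSIX shell check that takes the string printed by rpm -qa bash and compares it with the fixed build listed for the same stream. The function names and sample package strings are constructed, and it assumes that a later build in the same stream also carries the fix.

```shell
# Added example: classify a package string printed by `rpm -qa bash`.

# Fixed builds copied from the RHSA-2014:1293 and RHSA-2014:1294 lists.
FIXED_BUILDS="bash-4.2.45-5.el7_0.2 bash-4.1.2-15.el6_5.1 bash-3.2-33.el5.1 bash-3.0-27.el4.2
bash-3.2-24.el5_6.1 bash-3.2-32.el5_9.2 bash-4.1.2-9.el6_2.1 bash-4.1.2-15.el6_4.1"

# Print the stream tag (el5, el6_5, el7_0, ...) embedded in a package string.
dist_tag() {
  printf '%s\n' "$1" | sed -n 's/.*[.]\(el[0-9][0-9]*\(_[0-9][0-9]*\)\{0,1\}\).*/\1/p'
}

# Print the listed fixed build that carries the given stream tag, if any.
fixed_for() {
  for f in $FIXED_BUILDS; do
    if [ "$(dist_tag "$f")" = "$1" ]; then printf '%s\n' "$f"; return 0; fi
  done
  return 1
}

# Succeed when A >= B. Segments split on . _ - are compared left to right,
# numerically when both are integers (a simplification of rpm's comparison).
newer_or_equal() {
  a=$(printf '%s' "$1" | sed 's/[._-]/ /g')
  b=$(printf '%s' "$2" | sed 's/[._-]/ /g')
  while [ -n "$a" ] && [ -n "$b" ]; do
    x=${a%% *}; y=${b%% *}
    # First differing segment decides the result.
    [ "$x" = "$y" ] || { expr "$x" \> "$y" >/dev/null && return 0; return 1; }
    case $a in *' '*) a=${a#* } ;; *) a= ;; esac
    case $b in *' '*) b=${b#* } ;; *) b= ;; esac
  done
  [ -z "$b" ]  # all shared segments equal: A >= B unless B has more left
}

# Print "patched", "vulnerable" or "unknown" for one package string.
check_bash() {
  pkg=$1
  case $pkg in *.x86_64|*.i?86|*.ppc|*.ppc64|*.s390|*.s390x|*.ia64) pkg=${pkg%.*} ;; esac
  tag=$(dist_tag "$pkg")
  if [ -z "$tag" ] || ! fixed=$(fixed_for "$tag"); then
    echo unknown; return 0  # stream not in the advisory's list: check by hand
  fi
  if newer_or_equal "$pkg" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Constructed sample strings, not output from a real host.
for s in bash-4.1.2-15.el6_5.1.x86_64 bash-3.2-32.el5 bash-4.3.30-2.fc20.x86_64; do
  printf '%s\t%s\n' "$s" "$(check_bash "$s")"
done
```

On a Red Hat server, the same function can be fed the live value with check_bash "$(rpm -qa bash)".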

What should I do if my server is vulnerable?

Otherwise, the server will need to be updated with the command below. Running this command will patch your server to the latest version of bash and your system will be secured. No further action is necessary and a reboot is not required.

yum update bash -y && /sbin/ldconfig

Edge has contacted all affected customers. Please check your email and portal tickets if you are unsure if your servers are affected.
