On any box, you need to check the patched bash as to whether the vendor has addressed both CVE-2014-6271 and CVE-2014-7179.
Redhat appears to have addressed both with bash updates for RHEL and Fedora Core releases. Centos though appears to only address 6271 - patched this morning and the Centos uppdate still fails 7179; may take a couple more days for the maintainers to kick out an update covering 6271.
HPUX Porting Archive (UK) is advertising a binary suite for HPUX 11.11/11.23/11.31 PA-RISC/Itanium that addresses CVE-2014-6271 and CVE-2014-7179 (have not had time to check on these - caveat emptor).
Doubt anyone has addressed CVE-2014-7187 yet; too new.
-----Original Message----- From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Michael Short Sent: Friday, September 26, 2014 8:54 PM To: me at tdiehl.org; J.C. Cleaver Cc: Xymon Mailing List Subject: Re: [Xymon] 'Shell shock' mitigation
Red hat has an updated bash rpm out for RHEL6. And the GNU sites make available the bash source code for 4.3 plus the patch to apply. I used both on a large number of systems yesterday, without reboots and without problems. Both verified using Nessus security scans. Could you use those instead of relying on dash?
-----Original Message----- From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of me at tdiehl.org Sent: Friday, September 26, 2014 4:58 PM To: J.C. Cleaver Cc: Xymon Mailing List Subject: Re: [Xymon] 'Shell shock' mitigation
On Fri, 26 Sep 2014, J.C. Cleaver wrote:
/bin/sh to /bin/bash is standard on Red Hat-derived systems.
dash is present as a package in RHEL6 and Fedora, but not EL7 or EL5. Prior to that (<=EL4) 'ash' was available.
So, is changing the shell in /etc/passwd for the xymon user to /bin/dash sufficient to get xymon to use dash or are other changes required.
I really do not want to change the symlink for /bin/sh to point to dash as I am not sure what other things might break.
This is on a Centos 6.5 box.
Regards,
-- Tom me at tdiehl.org Spamtrap address me123 at tdiehl.org
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter.
Thank you.
CLLD
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon