[Xymon] 'Shell shock' mitigation

Deiss, Mark Mark.Deiss at xerox.com
Mon Sep 29 16:22:20 CEST 2014 

On any box, you need to check the patched bash as to whether the vendor has addressed both CVE-2014-6271 and CVE-2014-7179.

Redhat appears to have addressed both with bash updates for RHEL and Fedora Core releases. Centos though appears to only address 6271 - patched this morning and the Centos uppdate still fails 7179; may take a couple more days for the maintainers to kick out an update covering 6271.

HPUX Porting Archive (UK) is advertising a binary suite for HPUX 11.11/11.23/11.31 PA-RISC/Itanium that addresses CVE-2014-6271 and CVE-2014-7179 (have not had time to check on these - caveat emptor).

Doubt anyone has addressed CVE-2014-7187 yet; too new.

-----Original Message-----
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Michael Short
Sent: Friday, September 26, 2014 8:54 PM
To: me at tdiehl.org; J.C. Cleaver
Cc: Xymon Mailing List
Subject: Re: [Xymon] 'Shell shock' mitigation

Red hat has an updated bash rpm out for RHEL6.
And the GNU sites make available the bash source code for 4.3 plus the patch to apply.
I used both on a large number of systems yesterday, without reboots and without problems.
Both verified using Nessus security scans.  Could you use those instead of relying on dash?



-----Original Message-----
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of me at tdiehl.org
Sent: Friday, September 26, 2014 4:58 PM
To: J.C. Cleaver
Cc: Xymon Mailing List
Subject: Re: [Xymon] 'Shell shock' mitigation

On Fri, 26 Sep 2014, J.C. Cleaver wrote:

>
> /bin/sh to /bin/bash is standard on Red Hat-derived systems.
>
> dash is present as a package in RHEL6 and Fedora, but not EL7 or EL5.
> Prior to that (<=EL4) 'ash' was available.

So, is changing the shell in /etc/passwd for the xymon user to /bin/dash sufficient to get xymon to use dash or are other changes required.

I really do not want to change the symlink for /bin/sh to point to dash as I am not sure what other things might break.

This is on a Centos 6.5 box.

Regards,

-- 
Tom			me at tdiehl.org		Spamtrap address	 		me123 at tdiehl.org
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
******************************************************************************************
This message may contain confidential or proprietary information intended only for the use of the
addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. 

Thank you. 
******************************************************************************************
CLLD
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon

More information about the Xymon mailing list