[Xymon] FYI: CVE-2014-6271 - bash vulnerability
J.C. Cleaver
cleaver at terabithia.org
Wed Sep 24 19:54:35 CEST 2014
This is an important one to patch your systems on, if you haven't already.
The xymon CGI interface runs via shell wrappers around the actual C cgi
code (to set the environment properly), which means this would be an
avenue for attack.
Alternatively, using /bin/dash or some other shell besides bash (often
/bin/sh on Linux distros) is another work around. (This is the default on
the Terabithia RPMS for EL6.)
More info:
http://seclists.org/oss-sec/2014/q3/650
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/articles/1200223
Regards,
-jc
More information about the Xymon
mailing list