[Xymon] FYI: CVE-2014-6271 - bash vulnerability

J.C. Cleaver cleaver at terabithia.org
Wed Sep 24 19:54:35 CEST 2014


This is an important one to patch your systems on, if you haven't already.

The xymon CGI interface runs via shell wrappers around the actual C cgi
code (to set the environment properly), which means this would be an
avenue for attack.

Alternatively, using /bin/dash or some other shell besides bash (often
/bin/sh on Linux distros) is another work around. (This is the default on
the Terabithia RPMS for EL6.)


More info:
http://seclists.org/oss-sec/2014/q3/650

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/articles/1200223


Regards,
-jc




More information about the Xymon mailing list