
How to fix the "Shell Shock" or BASH shell Vulnerability issue in Airwave without upgrading the server?

Aruba Employee

Introduction :

 

This article explains how to fix the "Shell Shock" (BASH shell) vulnerability in Airwave without upgrading the server, or when a server upgrade is not possible.

 

Feature Notes:

 

 

 

 

Environment :

 

 

Bash supports exporting not just shell variables, but also shell functions to other bash instances, via the process environment to
(indirect) child processes.  Current bash versions use an environment variable named by the function name, and a function definition
starting with "() {" in the variable value to propagate function definitions through the environment.  The vulnerability occurs because
bash does not stop after processing the function definition; it continues to parse and execute shell commands following the function
definition.  If bash is used as an interpreter for network-accessible scripts, an attacker could exploit the vulnerability to execute
arbitrary code.

 

 

Configuration Steps:

 

 

Instructions to apply the fix using yum:
 
1. Run the following command to review the current version.
 
[root@lab mercury]# rpm -qa | grep bash
bash-completion-20031215-1.noarch
bash-4.1.2-8.el6.centos.x86_64
 
2. Run the following commands to apply the fix.
 
[root@lab mercury]# yum clean metadata
[root@lab mercury]# yum update bash -y
 
Instructions to apply the fix using rpm, where yum update is not possible due to lack of internet access:
 
1. Download the rpms from the following URLs and copy them to /var/airwave/custom/ on the server using the WinSCP tool.
http://centos.excellmedia.net/6/updates/x86_64/Packages/bash-4.1.2-15.el6_5.2.x86_64.rpm
http://centos.excellmedia.net/6/updates/x86_64/Packages/bash-doc-4.1.2-15.el6_5.2.x86_64.rpm
 
2. Run the following commands to update bash.
# rpm -Uvh /var/airwave/custom/bash-4.1.2-15.el6_5.2.x86_64.rpm
# rpm -Uvh /var/airwave/custom/bash-doc-4.1.2-15.el6_5.2.x86_64.rpm

 

 

Verification :

 

 

Once the bash package is updated to version 4.1.2-15.el6_5.2, run the following command to verify the version.

[root@lab mercury]# rpm -qa | grep -i bash
bash-4.1.2-15.el6_5.2.x86_64
bash-completion-20031215-1.noarch
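The package version shows that the update was installed. The following added example (not part of the original article) also checks behaviour: it starts the installed bash with a function-style environment variable followed by a harmless echo and confirms the echo never runs. The function names and the marker string are assumptions made for this example, and `sort -V` only approximates RPM's version ordering.

```shell
#!/bin/sh
# Added example, not from the original article: local post-patch check.
# FIXED_VR is the CentOS 6 bash version-release named in this article.
FIXED_VR="4.1.2-15.el6_5.2"

# vr_at_least INSTALLED REQUIRED: succeeds when INSTALLED is not older.
# GNU "sort -V" stands in for RPM's own version ordering (an approximation).
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# probe_bash PATH: prints "vulnerable", "patched" or "missing".
# A new shell is started with a function-style variable followed by a harmless
# echo; a fixed bash never executes the text after the function body.
probe_bash() {
    [ -x "$1" ] || { echo missing; return 0; }
    out=$(env probe='() { :;}; echo TRAILING_CODE_RAN' "$1" -c 'true' 2>/dev/null)
    case "$out" in
        *TRAILING_CODE_RAN*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# check_host [PATH]: package check plus behavioural probe.
# Returns 1 if either check indicates the flaw is still present.
check_host() {
    bin=${1:-/bin/bash}
    status=0
    if vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' bash 2>/dev/null); then
        if vr_at_least "$vr" "$FIXED_VR"; then
            echo "package bash-$vr: at or above $FIXED_VR"
        else
            echo "package bash-$vr: older than $FIXED_VR"; status=1
        fi
    fi
    result=$(probe_bash "$bin")
    echo "$bin: $result"
    [ "$result" = vulnerable ] && status=1
    return "$status"
}
```

Run `check_host` on the server after the update; a non-zero exit status means the package is older than the fixed build or the probe still executed the trailing command.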

 

Version history
Revision #:
1 of 1
Last update:
11-10-2014 03:46 AM