DNA Evolution Bash Vulnerability Fix Guide


2014 StorageDNA, Inc. All rights reserved. The owner or authorized user of a valid copy of DNA Evolution may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies. StorageDNA, DNA Evolution and DNA Sync are trademarks of StorageDNA, Inc. Third-party trademarks are the property of their respective owners.

TABLE OF CONTENTS

INTRODUCTION
DIAGNOSTIC STEPS
UPDATING THE BASH SHELL [USING CENTOS/REDHAT REPOSITORIES]
UPDATING THE BASH SHELL [OFFLINE MODE]
FREQUENTLY ASKED QUESTIONS
REFERENCES

INTRODUCTION

Red Hat has recently been made aware of a security vulnerability affecting all versions of the bash package shipped with Red Hat and CentOS products. You may have heard of this security flaw under the name Shellshock. StorageDNA ships its servers pre-loaded with CentOS or Red Hat Linux and recommends that the patch recently released by Red Hat be installed on your systems. The patch addresses this vulnerability, which could allow a remote, unauthenticated attacker to execute arbitrary code on the server. Below are detailed instructions that help you identify whether your system is vulnerable and fix the issue by installing the patch. You can also contact StorageDNA to assist with the installation by opening a support ticket on our site: http://www.storagedna.com/support/submit_request/

DIAGNOSTIC STEPS

The first step is to log in to your DNA Evolution controller's terminal as the root user. This can be done in several ways, such as using Terminal from a Mac OS X system, PuTTY from Windows, or logging into the Desktop via KVM and choosing Open Terminal in the right-click menu.

Once you have logged into the DNA Evolution controller, you can optionally test your version of Bash by running the following command to confirm whether it is patched against the Shellshock vulnerability. If you would rather just update your system with the patch, skip to the Updating the Bash Shell section.

# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

If the output of the above command contains a line consisting only of the word "vulnerable", you are running a version of Bash that is vulnerable to the original flaw (CVE-2014-6271). The patch that fixes this issue ensures that no code is allowed after the end of a Bash function definition imported from the environment. Note that different Bash versions print different warnings while executing the above command; only a line reading "vulnerable" decides the verdict.

Bash versions without any fix produce the following output:

# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test

The fix also ensures that the system is protected against an attacker being able to create a file and have its contents executed. This second issue, CVE-2014-7169, was assigned because the first Shellshock patch was incomplete. To test whether your version of Bash is vulnerable to CVE-2014-7169, run the following command:

# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 11:49:58 GMT 2014

If your system is vulnerable, the date and time are printed and a file called /tmp/echo is created: the broken parser state left behind by the malformed function turns "echo date" into a redirection of the date command's output into a file named echo. If your system is not vulnerable, you will see output similar to:

# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory

UPDATING THE BASH SHELL [USING CENTOS/REDHAT REPOSITORIES]

If your system is vulnerable, you can fix these issues by updating to the most recent version of the Bash package with the command below.

NOTE: DO NOT run a full update of the system with `yum update` without naming the bash package as shown below. The DNA Evolution software relies on specific versions of libraries and packages to function properly, and your hardware drivers are built for a specific kernel release as well. If you have questions regarding the update or have specific requirements, please contact StorageDNA support.

# yum update bash

Running the command above downloads the latest Bash package from the CentOS or Red Hat repositories, depending on your installed distribution. This requires that your server be connected to a LAN from which it can reach the public Internet. If you are using the DNA Evolution Virtual Controller (VC) within VirtualBox/VMware, you will need to ensure that you are using the Bridged Adapter on your Mac to give the virtual controller access to the LAN.
If your server is not connected to the Internet, running the above command produces output stating that yum "Couldn't resolve host", meaning it could not contact the CentOS/Red Hat repositories to download the patch. If you would like to download the latest Bash packages and copy them to a server that is connected only to a closed, private network, or that uses the Host Only Network with VirtualBox/VMware, refer to the section Updating the Bash Shell [Offline Mode].

Once the yum command completes, verify that you have the correct version of the bash package installed by running:

# rpm -q bash

Below is a table of the minimum package versions that incorporate the Shellshock fix; the installed version must be one of these or newer. Red Hat lists several packages because each Extended Update Support stream (for example el5_9 or el6_4) receives its own build, so compare against the entry whose suffix matches your minor release. You can also optionally rerun the diagnostic commands and confirm that they give the desired output.

Product/Channel              Fixed in package
CentOS Enterprise Linux 5    bash-3.2-33.el5_10.4
CentOS Enterprise Linux 6    bash-4.1.2-15.el6_5.2
Red Hat Enterprise Linux 6   bash-4.1.2-15.el6_5.2
                             bash-4.1.2-15.el6_4.2
Red Hat Enterprise Linux 5   bash-3.2-33.el5_11.4
                             bash-3.2-24.el5_6.2
                             bash-3.2-32.el5_9.3
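The two diagnostic probes from the Diagnostic Steps, the package check, and the bash-only update above, collected into one script. This is an added example, not StorageDNA's script and not part of the original guide. It assumes a POSIX sh, a bash binary on PATH (or one named in the assumed BASH_BIN environment variable, so you can point it at the /bin/bash your services actually use rather than the first bash on PATH), and rpm and yum on the controller; the --fix flag is this example's own convention. Unlike the guide's one-liner, it runs the CVE-2014-7169 probe in a private temporary directory instead of writing the predictable /tmp/echo, so the probe cannot be made to follow a symlink planted there by a local user.

```sh
#!/bin/sh
# shellshock_check.sh -- added example, not StorageDNA's script.
# Runs both probes from the Diagnostic Steps against one bash binary,
# reports the installed bash package, and only with --fix (this
# example's own flag) updates the bash package alone and re-checks.
#
# Return codes of shellshock_check:
#   0  neither probe triggered
#   1  CVE-2014-6271: code after the function body was executed
#   2  CVE-2014-7169: the parser bug created a file named "echo"
#   3  both
#   4  no usable bash binary (or no writable temp directory)

shellshock_check() {
    bash_bin="${1:-$(command -v bash 2>/dev/null)}"
    [ -n "$bash_bin" ] && [ -x "$bash_bin" ] || return 4
    status=0

    # Probe 1 (CVE-2014-6271): a function definition with trailing code,
    # exported under both the original and the post-fix variable names.
    # stderr is discarded because the import warnings echo the payload.
    out=$(env 'x=() { :;}; echo vulnerable' \
              'BASH_FUNC_x()=() { :;}; echo vulnerable' \
              "$bash_bin" -c 'echo test' 2>/dev/null)
    case "$out" in *vulnerable*) status=1 ;; esac

    # Probe 2 (CVE-2014-7169): a truncated definition leaves the parser
    # inside a redirection, so an unfixed bash turns "echo date" into
    # ">echo date" and writes the date into a file named echo.
    # A private directory replaces the guide's fixed /tmp/echo so the
    # probe cannot follow a symlink planted there by a local user.
    work=$(mktemp -d) || return 4
    (cd "$work" && env 'x=() { (a)=>\' "$bash_bin" -c 'echo date') >/dev/null 2>&1
    [ -e "$work/echo" ] && status=$((status + 2))
    rm -rf "$work"
    return "$status"
}

# Human-readable summary for a shellshock_check return code.
describe_status() {
    case "$1" in
        0) echo "not affected by CVE-2014-6271 or CVE-2014-7169" ;;
        1) echo "VULNERABLE to CVE-2014-6271" ;;
        2) echo "VULNERABLE to CVE-2014-7169" ;;
        3) echo "VULNERABLE to CVE-2014-6271 and CVE-2014-7169" ;;
        *) echo "no usable bash binary found" ;;
    esac
}

# Installed bash package as reported by rpm; "unknown" on non-RPM systems.
bash_package() {
    rpm -q bash 2>/dev/null || echo unknown
}

# BASH_BIN is an assumed environment variable naming the bash to test;
# when unset the first bash on PATH is used.
rc=0
shellshock_check "${BASH_BIN:-}" || rc=$?
echo "installed package: $(bash_package)"
echo "check result: $(describe_status "$rc")"

if [ "${1:-}" = "--fix" ] && [ "$rc" -ne 0 ] && [ "$rc" -ne 4 ]; then
    # Update only the bash package, as the guide requires (never a bare
    # "yum update"), then confirm the probes now pass.
    yum -y update bash
    rc=0
    shellshock_check "${BASH_BIN:-}" || rc=$?
    echo "after update: $(bash_package), $(describe_status "$rc")"
fi
```

Run it as `sh shellshock_check.sh` to report, or `sh shellshock_check.sh --fix` as root to update bash and re-run the probes in one step. The script never touches any package other than bash.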

UPDATING THE BASH SHELL [OFFLINE MODE]

If you were unable to update the bash shell with yum, you can download the bash RPM packages manually, copy them to the server, and install them.

First determine the Linux distribution that you are running with the command:

# cat /etc/redhat-release

The output of the command will be one of the following:

Linux Distribution           Output
CentOS Enterprise Linux 5    CentOS release 5.XX (Final)
CentOS Enterprise Linux 6    CentOS release 6.XX (Final)
Red Hat Enterprise Linux 5   Red Hat Enterprise Linux Server release 5.X (Tikanga)
Red Hat Enterprise Linux 6   Red Hat Enterprise Linux Server release 6.X (Santiago)

You can download the bash packages from the following sites:

Linux Distribution           Download Link
CentOS Enterprise Linux 5    http://mirror.centos.org/centos/5/updates/x86_64/rpms/bash-3.2-33.el5_10.4.x86_64.rpm
CentOS Enterprise Linux 6    http://mirror.centos.org/centos/6/updates/x86_64/packages/bash-4.1.2-15.el6_5.2.x86_64.rpm
Red Hat Enterprise Linux 5   Login to Red Hat Customer Portal
Red Hat Enterprise Linux 6   Login to Red Hat Customer Portal

The links above are for 64-bit (x86_64) systems; confirm the architecture with `uname -m` and pick the matching package. Directory and file names on the mirror are case-sensitive and change as newer updates are published, so browse the directory if a link does not resolve. Because the package is fetched over plain HTTP and carried to the server by hand, check its signature with `rpm -K <file>` before installing. If rpm reports a missing key, the distribution's signing key ships under /etc/pki/rpm-gpg/ and can be loaded with `rpm --import`; with gpgcheck enabled, yum also refuses an unsigned or mis-signed package.

Now copy the RPM file to the server and run the following command, replacing the filename with the one downloaded for your distribution:

# yum localinstall bash-4.1.2-15.el6_5.2.x86_64.rpm
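The offline procedure above as one script: it derives the distribution from /etc/redhat-release, names the fixed package from the table above for the machine's architecture, and refuses to install an RPM whose signature does not verify. This is an added example, not part of the StorageDNA guide. For Red Hat it assumes the first entry listed for each release in the table (el5_11.4 and el6_5.2), so an Extended Update Support system must substitute the build for its own minor release; the --install flag and the function names are this example's own, and it assumes rpm and yum are present.

```sh
#!/bin/sh
# offline_bash_update.sh -- added example, not part of the StorageDNA guide.
# Derives the distribution from /etc/redhat-release, names the fixed bash
# package from the guide's table for this machine's architecture, verifies
# the hand-copied RPM's signature, and installs it with yum localinstall.

# Map a redhat-release string to a short id (centos5, centos6, rhel5, rhel6).
# Prints nothing and returns 1 for any other distribution.
release_id() {
    case "$1" in
        "CentOS release 5."*)                          echo centos5 ;;
        "CentOS release 6."*)                          echo centos6 ;;
        "Red Hat Enterprise Linux Server release 5."*) echo rhel5 ;;
        "Red Hat Enterprise Linux Server release 6."*) echo rhel6 ;;
        *) return 1 ;;
    esac
}

# File name of the fixed package for a release id and an architecture
# as printed by uname -m. For RHEL this assumes the first entry in the
# guide's table (el5_11.4 / el6_5.2); an Extended Update Support system
# needs the build matching its own minor release instead.
fixed_bash_rpm() {
    case "$1" in
        centos5)       ver=3.2-33.el5_10.4 ;;
        centos6|rhel6) ver=4.1.2-15.el6_5.2 ;;
        rhel5)         ver=3.2-33.el5_11.4 ;;
        *) return 1 ;;
    esac
    echo "bash-${ver}.${2}.rpm"
}

# Refuse to install a package whose GPG signature does not verify against
# a key in the RPM database (rpm -K exits non-zero on NOT OK or MISSING KEYS).
install_verified_rpm() {
    if ! rpm -K "$1" >/dev/null 2>&1; then
        echo "signature check failed for $1; import the vendor key from" \
             "/etc/pki/rpm-gpg/ with rpm --import and retry" >&2
        return 1
    fi
    yum -y localinstall "$1" && rpm -q bash
}

# --install is this example's own flag; without it the script only defines
# the functions so they can be sourced or tested.
if [ "${1:-}" = "--install" ]; then
    rel=$(release_id "$(cat /etc/redhat-release)") || { echo "unsupported distribution" >&2; exit 1; }
    pkg=$(fixed_bash_rpm "$rel" "$(uname -m)")
    [ -f "$pkg" ] || { echo "copy $pkg into $(pwd) first" >&2; exit 1; }
    install_verified_rpm "$pkg"
fi
```

Copy the downloaded RPM into the working directory on the controller and run `sh offline_bash_update.sh --install` as root; the script tells you the exact file name it expects if the package is not there yet.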

FREQUENTLY ASKED QUESTIONS

Do I need to reboot or restart services after installing this update?

No, a reboot of your system or a restart of your services is not required. This vulnerability lies in the initial import of the process environment, which happens only when a Bash process starts. After the update that fixes this issue is installed, every newly started Bash process uses the new code and is not vulnerable. Processes that were already running keep the old code, but they have already imported their environment and are not started again, so the vulnerability cannot be triggered in them. If you have strong reason to suspect that a system was compromised through this vulnerability, reboot after the update is installed as a security best practice, and review system logs and security monitoring for suspicious activity.

REFERENCES

https://access.redhat.com/articles/1200223