-
Título
vRanger and Bash Shellshock vulnerability -
Descrição
Information on vRanger and the Bash Shellshock vulnerability (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187)
-
Causa
known vulnerability in Bash shell
More information on the Shellshock vulnerabilities can be found at nvd.nist.gov
-
Resolução
A patch has been made to address the vulnerability. Please download the proper attachment and deploy on your vRanger Virtual Appliances (VA)
For vRanger 6.x and lower VA (32-bit), use patch: bash-4.1.17.tar.gz
For vRanger 7.x VA (64-bit), use patch: bash-4.2.53.tar.gz
Transfer patch to VA:
1. Using an FTP program that supports SSH (Filezilla recommended), connect to the VA on port 22 using root credentials
2. Upload the tar bundle to / directory
3. Logout and exit the FTP program
Apply patch:
1. Open an SSH connection to the VA (putty recommended) using root credentials
2. Change directory to the / directory
3. Run the following command:
tar zxvf bash-X.X.XX.tar.gz (where X.X.XX is the version)
4. Reboot the VA:
shutdown -r now
Reboot is only to ensure all processes start using the new binaries. If desired, the reboot can be delayed until a time that is convenient
If you would like to delete the patch files, run the following command: rm /bash-X.X.XX.tar.gz (where X.X.XX is the version)
5. To confirm that the patch has been applied correctly, run the following command on the VA:
env var='() { ignore this;}; echo vulnerable' bash -c /bin/true
-
ID do defeito
17256 -
Informações adicionais
vRanger 7.1.1 will feature a new VA that has already been patched