cPanel Security Team: Bash CVE-2014-6217 and CVE-2014-7169
CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell.This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry points where this vulnerability could be exploited. This blog post from Red Hat demonstrates how such attacks are possible:
What does this mean for cPanel servers?
cPanel & WHM does not provide any copies of the Bash shell. The Red Hat, CentOS and CloudLinux operating systems that cPanel & WHM is installed on provide the Bash shell as their default /bin/sh interpreter. All three distros have published patched versions of the Bash shell to their mirrors to address CVE-2014-6217. To update any affected servers, run "yum clean all" to clear YUM's local caches followed by "yum update" to install the patched version of Bash. After Bash is updated you should reboot the system.
You can ensure you are updated by running the command "rpm -q bash". The package information displayed should match the version numbers provided by Red Hat at http://lists.centos.org/mailman/listinfo/centos-announce]CentOS-announce Info Page
CloudLinux [url=http://cloudlinux.com/blog/]Blogs
What steps do I need to take as an Admin/root of our servers running cPanel & WHM?
Once the RPM of Bash has been updated and the system rebooted, you are fully protected.
cPanel also recommends that you configure the system to automatically update both the base operating system and the cPanel & WHM software automatically. These settings are located in WHM's "Update Preferences" interface.
-
Hello, Please direct additional discussion of this topic to the following thread: Bash Code Injection Vulnerability via Specially Crafted Environment Variables Thank you. 0
Please sign in to leave a comment.
Comments
1 comment