I just got a security flash from CERT-SE that informed me that there have been a severe security issue detected in unix shell.
The vulnerability lets a potential attacker execute malicious code in the shell, and gain access to the system.
At present there are no known workarounds for this issue, except running a WAF. To test if your system is afflicted by this issue, you can run the following command in the commandline:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If your system is afflicted, you will see the following output in your shell:
vulnerable
this is a test
At present this vulnerability is known to be exploited by atleast one worm.
Yes, thanks for bringing attention to this. If you have auto OS updates enabled on your InterWorx box, the update should have been applied. Otherwise, definitely run yum update to secure your system.
In any case, keeping OS Updates enabled on your InterWorx boxes is highly recommended and will ensure your box receives the updated patch when it’s released by red hat.
To check your update settings, log into NodeWorx and go to Server >> Software Updates.
In any case, keeping OS Updates enabled on your InterWorx boxes is highly recommended and will ensure your box receives the updated patch when it’s released by red hat.
To check your update settings, log into NodeWorx and go to Server >> Software Updates.[/QUOTE]