Global vulnerability of CentOS Operating system

Need to patch


#1 Guest_Kayalvizhi Subramaniam_*


Posted 25 September 2014 - 04:07 PM

We have been notified about a global exploit vulnerability on servers running the CentOS operating system. The vulnerability arises from the fact that you can create environment variables with specially crafted values before calling the bash shell (ssh session). These variables can contain code, which gets executed as soon as the shell (ssh session) is invoked. For more details about this vulnerability, you can read through the following links:

https://securityblog...jection-attack/
https://access.redha...rticles/1200223


You need to patch your CentOS servers immediately to protect them from code injection attacks using bash (ssh session). This vulnerability patching can be done in 2 ways. You can apply the patch using our RPMs. This RPM is not available globally as we have created it for our purpose. Please refer to the following steps:

1. Download the RPMs based on the OS versions.

For CentOS 5 - https://www.dropbox....x86_64.rpm?dl=0
For CentOS 6 - https://www.dropbox....x86_64.rpm?dl=0

You can download it using the command "wget <link>".

2. Install the RPM using this command: rpm -Uvh --force <package_name>

Once you perform this, please do not run "yum update" as it will override the changes and open up another way for this exploit.

If you face any issues in patching your CentOS servers, please open a ticket with our Support team and we will be glad to assist you.
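
A local check to run after installing a fixed bash package, confirming that the installed bash no longer executes code carried in an environment variable. This is an added example and not part of the original post; the marker string, function names and candidate paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: local, harmless check of whether a bash binary still runs
# code that trails a function definition imported from the environment.

MARKER="ENV_CODE_RAN"   # constructed marker; the probe only echoes this string

# classify_probe_output OUTPUT -> prints "vulnerable" or "patched"
classify_probe_output() {
    case "$1" in
        *"$MARKER"*) echo "vulnerable" ;;   # trailing command was executed
        *)           echo "patched" ;;      # variable treated as plain data
    esac
}

# probe_bash PATH -> prints "missing", "vulnerable" or "patched"
probe_bash() {
    shell_path="$1"
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # env -i starts from an empty environment so only the probe variable is set.
    out=$(env -i "probe=() { :;}; echo $MARKER" "$shell_path" -c 'echo finished' 2>/dev/null)
    classify_probe_output "$out"
}

# check_all: probe every bash in common locations (assumed paths) and on PATH.
# Returns 1 if any probed binary is still vulnerable.
check_all() {
    rc=0
    for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash 2>/dev/null)"; do
        if [ -z "$candidate" ]; then continue; fi
        status=$(probe_bash "$candidate")
        if [ "$status" = "missing" ]; then continue; fi
        echo "$candidate: $status"
        if [ "$status" = "vulnerable" ]; then rc=1; fi
    done
    return $rc
}

check_all || echo "at least one bash binary still needs the fix"
```

Running it again after any later package change shows whether the installed bash is still the fixed build; `rpm -q bash` reports which package version is installed.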