EFA, ShellShock and CGI

operator207
Posts: 8
Joined: 06 May 2014 21:33

EFA, ShellShock and CGI

Post by operator207 »

darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa

Re: EFA, ShellShock and CGI

Post by darky83 »

It is vulnerable, like any other Linux/OS X based system out there.

However, only for the SSH/Bash part; I have done some testing with the proof-of-concept vulnerability code and the CGI scripts are not vulnerable (phew... :pray: )

So if you run your system wide open to the internet you should do a yum update as soon as possible, as SSH is vulnerable.

Code:

yum -y --exclude="kernel* mysql* postfix* mailscanner* clamav* clamd*" update

The CentOS bash partly fixes the current vulnerability for SSH, however the current patch is not complete (https://access.redhat.com/security/cve/CVE-2014-7169) and there is no complete fix as of yet for CentOS.

I hope they release one by tomorrow; by that time I will try to create an EFA update 3.0.0.6 (which will do nothing more than do a forced bash yum update)
operator207
Posts: 8
Joined: 06 May 2014 21:33

Re: EFA, ShellShock and CGI

Post by operator207 »

Thanks for the quick reply!

I assumed BASH/SSH would be vulnerable (it is kind of hard for it not to be), I was mostly concerned with the CGI parts. Glad it isn't! :D

I will be spending the evening running updates on my small army of VMs. :)

Thanks!
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: EFA, ShellShock and CGI

Post by shawniverson »

Time for an update! We are working hard on getting 3.0.0.6 pushed out. Hopefully CentOS will be fully patched in time for our update to coincide ;)
dbator
Posts: 35
Joined: 20 Aug 2014 19:18

Re: EFA, ShellShock and CGI

Post by dbator »

Sorry for the dumb question but just to verify... So by updating my EFA from 3.0.0.5 to 3.0.0.6, I do not have to run the yum update as it has the bash update incorporated into it?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: EFA, ShellShock and CGI

Post by shawniverson »

That is correct, first thing EFA-Update does is call yum update for you with all of the exclusions needed. Bash will be patched :)
dbator
Posts: 35
Joined: 20 Aug 2014 19:18

Re: EFA, ShellShock and CGI

Post by dbator »

Awesome thanks! I did the update last night. All is well :)