cPanel Security Team: Bash CVE-2014-6217 and CVE-2014-7169

Discussion in 'cPanel Announcements' started by cPanelCory, Sep 25, 2014.

cPanelCory (Developer - cPanel Security Team, Staff Member):
    CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell. This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environment variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry points where this vulnerability could be exploited. This blog post from Red Hat demonstrates how such attacks are possible: https://securityblog.redhat.com/201...-environment-variables-code-injection-attack/

    CVE-2014-7169 is a second vulnerability in all versions of GNU Bash. This second CVE covers attack vectors that were not fixed in the initial updates for CVE-2014-6217. Targeting CVE-2014-7169 is more complicated for an attacker. The authors of GNU Bash are currently working on updates to address CVE-2014-7169. This article from Red Hat has additional details about this flaw: https://access.redhat.com/articles/1200223

    What does this mean for cPanel servers?

    cPanel & WHM does not provide any copies of the Bash shell. The Red Hat, CentOS and CloudLinux operating systems that cPanel & WHM is installed on provide the Bash shell as their default /bin/sh interpreter. All three distros have published patched versions of the Bash shell to their mirrors to address CVE-2014-6217. To update any affected servers, run "yum clean all" to clear YUM's local caches, followed by "yum update" to install the patched version of Bash. After Bash is updated you should reboot the system.

    You can ensure you are updated by running the command "rpm -q bash". The package information displayed should match the version numbers provided by Red Hat at https://access.redhat.com/solutions/1207723

    Red Hat Enterprise Linux 7 - bash-4.2.45-5.el7_0.2
    Red Hat Enterprise Linux 6 - bash-4.1.2-15.el6_5.1
    Red Hat Enterprise Linux 5 - bash-3.2-33.el5.1
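The verification step above is a manual comparison of the string printed by `rpm -q bash` against the patched builds quoted from Red Hat. The following Python script is an added example, not code from the post or from cPanel, that automates that comparison: it splits the name-version-release apart, looks up the minimum patched build for the EL release tag, and compares version and release segment by segment in the simplified way rpm does (no epoch or tilde handling). The `PATCHED_BUILDS` table holds exactly the three builds listed above; the architecture suffixes it strips and the `installed_bash_nvr` helper that shells out to `rpm -q bash` are assumptions about the host, and the sample package strings in the comments are constructed. A build older than the listed one, or a release tag the table does not cover, is reported so the admin knows to run the yum steps and reboot.

```python
"""Check whether an installed Bash RPM is at or above the patched builds quoted in the post.

Added example; assumes an RPM-based host when run as a script. The comparison
functions work on package strings alone and can be exercised offline.
"""
import re
import subprocess

# Minimum patched builds for CVE-2014-6217, as quoted in the post from Red Hat's
# solution page, keyed by the EL release tag found in the RPM release field.
PATCHED_BUILDS = {
    "el7": "4.2.45-5.el7_0.2",
    "el6": "4.1.2-15.el6_5.1",
    "el5": "3.2-33.el5.1",
}

# Architecture suffixes `rpm -q` appends on real hosts (assumed set).
_ARCHES = ("x86_64", "i686", "i386", "noarch")
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def _rpmvercmp(a, b):
    """Compare two version or release strings the way rpm does, simplified:
    split into numeric and alphabetic segments, compare numerics as integers
    and alphas lexically, numeric beats alpha, and on a tie the string with
    segments left over wins. Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvr(nvr):
    """Split e.g. 'bash-4.1.2-15.el6_5.1.x86_64' (constructed sample) into
    (version, release, el_tag); el_tag is None when no elN tag is present."""
    for arch in _ARCHES:
        if nvr.endswith("." + arch):
            nvr = nvr[: -len(arch) - 1]
    name, version, release = nvr.rsplit("-", 2)
    if name != "bash":
        raise ValueError("not a bash package: %s" % nvr)
    m = re.search(r"\.(el[0-9]+)", release)
    return version, release, (m.group(1) if m else None)


def bash_is_patched(nvr):
    """True if the installed build is at or above the patched build for its EL
    release, False if it is older, None when the release tag is not in the table."""
    version, release, el = parse_nvr(nvr)
    if el not in PATCHED_BUILDS:
        return None
    min_version, min_release = PATCHED_BUILDS[el].rsplit("-", 1)
    c = _rpmvercmp(version, min_version)
    if c == 0:
        c = _rpmvercmp(release, min_release)
    return c >= 0


def installed_bash_nvr():
    """Run `rpm -q bash` on this host (assumes an RPM-based system)."""
    return subprocess.check_output(["rpm", "-q", "bash"], text=True).strip()


if __name__ == "__main__":
    nvr = installed_bash_nvr()
    state = bash_is_patched(nvr)
    if state is None:
        print(nvr + ": release tag not in the table above, compare it manually")
    elif state:
        print(nvr + ": at or above the patched build")
    else:
        print(nvr + ": older than the patched build; run 'yum clean all' and "
              "'yum update', then reboot")
```

Run it on the server after the update and reboot; a False result means the mirror had not yet served the patched package when `yum update` ran, so the clean-and-update step should be repeated, which is also what the post asks for once the CVE-2014-7169 builds appear.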

    Red Hat, CentOS and CloudLinux are expected to release additional updates to address CVE-2014-7169. Once these updates are released, you should repeat the update process for the new version of Bash.

    Notifications about security updates for Red Hat, CentOS, and CloudLinux can be found at the following URLs:

    Red Hat RHSA-announce Info Page
    CentOS CentOS-announce Info Page
    CloudLinux Blogs

    What steps do I need to take as an Admin/root of our servers running cPanel & WHM?

    Once the RPM of Bash has been updated and the system rebooted, you are fully protected.

    cPanel also recommends that you configure the system to update both the base operating system and the cPanel & WHM software automatically. These settings are located in WHM's "Update Preferences" interface.
     