CVE-2014-6271 & CVE-2014-7169

After couple of days trouble today we got a fix from Centos for the so famous bash security issue ( For known loop holes
CVE-2014-6271 & CVE-2014-7169 )

CentOS 5 Fix :-

* i386:
( sha256sum ) 9755e86ad8536c908f95340be308190b52989bfa0d9268a461c40a3f0d493bc7 : bash-3.2-33.el5_10.4.i386.rpm

* x86_64:
( sha256sum) b1e14edd0d675c6fb0be64cb875fbd9fac208a58e427ea32f373c9359b35642c : bash-3.2-33.el5_10.4.x86_64.rpm

CentOS 6 Fix: –

* x86_64:

http://mirror.centos.org/centos/6/updates/x86_64/Packages/bash-4.1.2-15.el6_5.2.x86_64.rpm

* i386:

http://mirror.centos.org/centos/5/updates/i386/RPMS/bash-3.2-33.el5_10.4.i386.rpm

Test Output : –

[root@ ~]# rpm -qa | grep bash
bash-3.2-32.el5

[root@ ~]# env X='() { (a)= >\’ bash -c “echo date”;
bash: X: line 0: syntax error near unexpected token `=’
bash: X: line 0: `X () { (a)= >\’
bash: error importing function definition for `X’
date
[root@ ~]#

* After updating to latest bash rpm.

[root@ ~]# rpm -qa | grep bash
bash-3.2-33.el5_10.4
[root@ ~]#

[root@ ~]# env X='() { (a)= >\’ bash -c “echo date”;
date
[root@ ~]#

Reference :-

http://lists.centos.org/pipermail/centos-announce/2014-September

CentOs Fix for Bash Bug ( CVE-2014-6271 & CVE-2014-7169 )

Subscribe Adminlogs

Random Posts

Recent Comments