Patching for CVE-2014-7169


Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability, CVE-2014-6271, could allow arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, which lets them exploit this issue.

Steps to Patch a Linux server:

1) Run the following command:

yum update bash
You can check whether you're vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the word "busted" in the output, you're at risk. If not, then either your Bash is fixed or your shell is using another interpreter.

env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
env X="() { :;} ; echo busted" `which bash` -c "echo completed"
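
The same check wrapped as a reusable script (an added example, not part of the original article): it runs the probe shown above against every sh/bash entry in /etc/shells and resolves symlinks, so you can see which interpreter a path such as /bin/sh really is. The function names are illustrative, and limiting the scan to sh, bash and rbash is an assumption of this example.

```shell
#!/bin/sh
# check_shell PATH -> prints "vulnerable", "not-vulnerable" or "missing"
check_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # Same probe as the article: a function definition in X followed by a
    # trailing command. A fixed shell never runs the trailing "echo busted".
    out=$(env X='() { :;} ; echo busted' "$shell_path" -c 'echo completed' \
        2>/dev/null </dev/null) || true
    case "$out" in
        *busted*) echo "vulnerable" ;;
        *)        echo "not-vulnerable" ;;
    esac
}

# scan_shells [FILE] -> one "path -> resolved: status" line per sh/bash entry
scan_shells() {
    list=${1:-/etc/shells}
    [ -r "$list" ] || return 0
    grep -v '^[[:space:]]*#' "$list" | while read -r sh_path; do
        [ -n "$sh_path" ] || continue
        # Only probe Bourne-style shells; other entries are skipped.
        case "${sh_path##*/}" in
            sh|bash|rbash) ;;
            *) continue ;;
        esac
        real=$(readlink -f "$sh_path" 2>/dev/null || echo "$sh_path")
        echo "$sh_path -> $real: $(check_shell "$sh_path")"
    done
}

# any_vulnerable [FILE] -> exit status 0 if any listed shell is vulnerable
any_vulnerable() {
    scan_shells "$1" | grep -q ': vulnerable$'
}

scan_shells
```

Run it again after `yum update bash`; every line should then end in "not-vulnerable".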
