Shellshock: Patch your Config Backup appliance

The revelation of Shellshock hit the internet by storm yesterday. The latest major vulnerability, on the scale of Heartbleed, revealed that every Unix based OS for almost the last 2 decades has been exploitable. The Config Backup for F5 appliance, being based on Centos 6.4/6.5, has vulnerable bash versions and should be patched immediately.

Note: CVE-2014-6271 is only partially resolved. Redhat (aka the upstream vendor) is working on a patch for the new vulnerability CVE-2014-7169 that will soon after reach the CentOS repository. When this is done you will need to run the update again. However, run the update now as it will help fix the more serious issues! The completey fixed version is 4.1.2-15.el6_5.2

To patch your appliance login via an SSH session or the VMWare console with the “console” username and run the following command –

sudo yum -y update bash

 

After yum retrieves the update database, you should eventually see something like this –

================================================================================
 Package       Arch            Version                   Repository        Size
================================================================================
Updating:
 bash          x86_64          4.1.2-15.el6_5.2          updates          905 k

Transaction Summary
================================================================================
Upgrade       1 Package(s)

Total download size: 905 k
Downloading Packages:
bash-4.1.2-15.el6_5.2.x86_64.rpm                         | 905 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : bash-4.1.2-15.el6_5.2.x86_64                                 1/2
  Cleanup    : bash-4.1.2-15.el6_5.1.x86_64                                 2/2
  Verifying  : bash-4.1.2-15.el6_5.2.x86_64                                 1/2
  Verifying  : bash-4.1.2-15.el6_5.1.x86_64                                 2/2

Updated:
  bash.x86_64 0:4.1.2-15.el6_5.2

Complete!

 

If you run the command and see the following you will need to clear to clear the yum metadata.

No Packages marked for Update

To clear the yum metadata you will need to run this command –

sudo yum clean metadata

Then re-run the update command –

sudo yum -y update bash
Tagged , , . Bookmark the permalink.
  • Any issues if a full ‘yum update’ had been done instead? Wasn’t sure what the equivalent of HF8 (for 11.5.1) would be for the backup appliance for GHOST, as well as shellshock.

    • Eric Flores

      Not that I know of. I you have a VM I would snapshot it just before you do the update just in case. Unfortunately, I am unable to make any updates on the project at this moment since I work for F5 now. I am in the process of getting approval but it takes a while.