VisibleThread Help Center

    How to remediate your on premise server against 'Shellshock'

    Follow

    How to test if you are effected by the "Bashbug" or "Shellshock" vulnerability

    To test if your on-premise deployment is vulnerable to the bash vulnerability run the following command in a 
    console:

    env x='() { :;}; echo vulnerable' bash -c 'echo hello'

     

    If your system is vulnerable you will see the following output:

     

    vulnerable hello

     

    If your system is not vulnerable you will see the following output:

    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    hello

     

    How to remediate your deployment

     

    The remediation will depend on which version of the Ubuntu Operating system you are running. To check which version you are running type the following in to your command line:

    lsb_release -a

     

    Updating Ubuntu 12.04

    For VisibleThread VM's running Ubuntu 12.04, the easiest way to apply the upgrade path is to run the in-built Ubuntu package upgrader. Note this will only work if your VisibleThread VM has access to the Ubuntu update repositories on the internet.

    To update directly from the Ubuntu repositories run the following:

     

    sudo apt-get update && sudo apt-get install bash

     

    dpkg -s bash | grep Version

     

    This should output 'Version: 4.2-2ubuntu2.3' . Your system has now been patched.

     

    If your VisibleThread VM does not have access to the Ubuntu update repositories on the internet you can upload and deploy the required packages manually.

    Attached to this post are three patch files, 'bash_4.2-2ubuntu2.3_amd64.deb', 'bash-builtins_4.2-2ubuntu2.3_amd64.deb' and 'bash-static_4.2-2ubuntu2.3_amd64.deb'

     

    Upload these files to your VisibleThread appliance via SSH (Secure Shell) using port 22. The easiest way to do this is to use on of a number of freely available tools such as FileZilla (http://filezillaproject.org/) or WinSCP (http://www.winscp.net).

    Connect to your Virtual Appliance using the following details:

    - IP Address: The IP Address of your Virtual Appliance

    - username: visiblethread

    - Password: password (unless changed after deployment)

    - Port: 22

     

    Now upload the patch files to:

     

    /home/visiblethread

     

    Next, log on to the VisibleThread appliance console and execute the following commands:

      

    sudo dpkg -i bash_4.2-2ubuntu2.3_amd64.deb bash-builtins_4.2-2ubuntu2.3_amd64.deb bash-static_4.2-2ubuntu2.3_amd64.deb


    dpkg -s bash | grep Version

     

     This should output 'Version: 4.2-2ubuntu2.3' . Your system has now been patched.

     

    Updating older VisibleThread VM versions

    For older VisibleThread VM's running a previous Ubuntu OS, there is no pre-built package available. For details on how to patch these VM's contact our support team at support@visiblethread.com

     

     If you have any questions or would like to talk please contact us : support@visiblethread.com

    Was this article helpful?
    0 out of 0 found this helpful

    Comments