Article Content
Article Number | 000026783 |
Applies To | RSA Security Analytics RSA Security Analytics 10.2 RSA Security Analytics Server RSA Security Analytics Core Appliance CentOS 6 |
Issue | How to rollback the Shellshock Security Patch on the RSA Security Analytics server and core appliances. |
Resolution | The following steps will have to be carried out on the Security Analytics Server 1) Check if the /var/netwitness/srv/www/rsa/updates/ directory contains the file bash-4.1.2-15.el6_4.x86_64.rpm. If not, continue to Step 2. Otherwise, skip to Step 3. 2) Copy the bash-4.1.2-15.el6_4.x86_64.rpm file to the location /var/netwitness/srv/www/rsa/updates/. 3) Navigate to the /var/netwitness/srv/www/rsa/updates/ directory. 4) Issue the following command: yum downgrade bash-4.1.2-15.el6_4.x86_64.rpm You can confirm if it has downgraded by issuing the following command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the package was successfully downgraded, the word vulnerable will be displayed. The following steps need to be carried out on Core Appliances (Decoder, Saw..etc) 1) Check if the /var/cache/yum/x86_64/6/nwupdates/packages directory contains the file bash-4.1.2-15.el6_4.x86_64.rpm. If not, continue to Step 2. Otherwise, skip to Step 3. 2) Copy the bash-4.1.2-15.el6_4.x86_64.rpm file to the location /var/cache/yum/x86_64/6/nwupdates/packages. 3) Navigate to the /var/cache/yum/x86_64/6/nwupdates/packages directory. 4) Issue the following command: rpm -Uvh bash-4.1.2-15.el6_5.2.x86_64.rpm --force You can confirm if it has downgraded by issuing the following command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the package was successfully downgraded, the word vulnerable will be displayed. If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance. |
Notes | For instructions on how to install the Shellshock Security Patch on RSA Security Analytics appliances, refer to the knowledgebase article How to install the Shellshock Security Patch on RSA NetWitness and Security Analytics appliances. |
Legacy Article ID | a68179 |