Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000026783 - How to rollback the Shellshock Security Patch on the RSA Security Analytics server and core appliances

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 4Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000026783
Applies To	RSA Security Analytics RSA Security Analytics 10.2 RSA Security Analytics Server RSA Security Analytics Core Appliance CentOS 6
Issue	How to rollback the Shellshock Security Patch on the RSA Security Analytics server and core appliances.
Resolution	The following steps will have to be carried out on the Security Analytics Server 1) Check if the /var/netwitness/srv/www/rsa/updates/ directory contains the file bash-4.1.2-15.el6_4.x86_64.rpm. If not, continue to Step 2. Otherwise, skip to Step 3. 2) Copy the bash-4.1.2-15.el6_4.x86_64.rpm file to the location /var/netwitness/srv/www/rsa/updates/. 3) Navigate to the /var/netwitness/srv/www/rsa/updates/ directory. 4) Issue the following command: yum downgrade bash-4.1.2-15.el6_4.x86_64.rpm You can confirm if it has downgraded by issuing the following command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the package was successfully downgraded, the word vulnerable will be displayed. The following steps need to be carried out on Core Appliances (Decoder, Saw..etc) 1) Check if the /var/cache/yum/x86_64/6/nwupdates/packages directory contains the file bash-4.1.2-15.el6_4.x86_64.rpm. If not, continue to Step 2. Otherwise, skip to Step 3. 2) Copy the bash-4.1.2-15.el6_4.x86_64.rpm file to the location /var/cache/yum/x86_64/6/nwupdates/packages. 3) Navigate to the /var/cache/yum/x86_64/6/nwupdates/packages directory. 4) Issue the following command: rpm -Uvh bash-4.1.2-15.el6_5.2.x86_64.rpm --force You can confirm if it has downgraded by issuing the following command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the package was successfully downgraded, the word vulnerable will be displayed. If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
Notes	For instructions on how to install the Shellshock Security Patch on RSA Security Analytics appliances, refer to the knowledgebase article How to install the Shellshock Security Patch on RSA NetWitness and Security Analytics appliances.
Legacy Article ID	a68179

Attachments

Outcomes

0 Comments

Recommended Content