000026783 - How to roll back the Shellshock Security Patch on the RSA Security Analytics server and core appliances

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 4

Article Content

Article Number: 000026783

Applies To:
RSA Security Analytics
RSA Security Analytics 10.2
RSA Security Analytics Server
RSA Security Analytics Core Appliance
CentOS 6

Issue: How to roll back the Shellshock Security Patch on the RSA Security Analytics server and core appliances.

Resolution:
The following steps must be carried out on the Security Analytics Server:
1) Check if the /var/netwitness/srv/www/rsa/updates/ directory contains the file bash-4.1.2-15.el6_4.x86_64.rpm.  If not, continue to Step 2.  Otherwise, skip to Step 3.
2) Copy the bash-4.1.2-15.el6_4.x86_64.rpm file to the location /var/netwitness/srv/www/rsa/updates/.
3) Navigate to the /var/netwitness/srv/www/rsa/updates/ directory.
4) Issue the following command:  yum downgrade bash-4.1.2-15.el6_4.x86_64.rpm
 
To confirm that the package has been downgraded, issue the following command:  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the package was successfully downgraded, the word vulnerable will be displayed.
 


The following steps must be carried out on the Core Appliances (Decoder, SAW, etc.):
1) Check if the /var/cache/yum/x86_64/6/nwupdates/packages directory contains the file bash-4.1.2-15.el6_4.x86_64.rpm.  If not, continue to Step 2.  Otherwise, skip to Step 3.
2) Copy the bash-4.1.2-15.el6_4.x86_64.rpm file to the location /var/cache/yum/x86_64/6/nwupdates/packages.
3) Navigate to the /var/cache/yum/x86_64/6/nwupdates/packages directory.
4) Issue the following command:  rpm -Uvh bash-4.1.2-15.el6_5.2.x86_64.rpm --force
 
To confirm that the package has been downgraded, issue the following command:  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the package was successfully downgraded, the word vulnerable will be displayed.
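
The confirmation command used in both procedures above, wrapped as a script that records the installed package and the probe result instead of relying on reading the terminal. This is an added example, not part of the RSA article: the helper names shellshock_state and rollback_report are hypothetical, and the expected package name is taken from the RPM file name in the steps.

```shell
#!/bin/sh
# Added example (not from the RSA article): scripted form of the
# confirmation command used in both procedures.

# Package name the rollback should leave installed; taken from the RPM
# file name in the article's steps.
EXPECTED_PKG="bash-4.1.2-15.el6_4.x86_64"

# shellshock_state BASH_PATH   (hypothetical helper)
# Prints "vulnerable", "patched" or "error" for the given bash binary.
shellshock_state() {
    bash_bin=${1:-/bin/bash}
    if [ ! -x "$bash_bin" ]; then
        echo "error"
        return 2
    fi
    # The article's probe: a function definition in the environment with a
    # trailing command. An unpatched bash runs the trailing echo on startup.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*)       echo "vulnerable" ;;
        *"this is a test"*) echo "patched" ;;
        *)                  echo "error"; return 2 ;;
    esac
}

# rollback_report BASH_PATH   (hypothetical helper)
# Prints package and probe state; succeeds only if both match the rollback.
rollback_report() {
    bash_bin=${1:-/bin/bash}
    if command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -q bash 2>/dev/null) || pkg="unknown"
    else
        pkg="unknown (rpm not available)"
    fi
    state=$(shellshock_state "$bash_bin") || true
    echo "installed package: $pkg"
    echo "expected package:  $EXPECTED_PKG"
    echo "probe result:      $state"
    [ "$pkg" = "$EXPECTED_PKG" ] && [ "$state" = "vulnerable" ]
}

rollback_report "${1:-/bin/bash}" || echo "rollback NOT confirmed"
```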
 
 
 
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
Notes: For instructions on how to install the Shellshock Security Patch on RSA Security Analytics appliances, refer to the knowledgebase article How to install the Shellshock Security Patch on RSA NetWitness and Security Analytics appliances.
Legacy Article ID: a68179
