000027867 - How to apply fix for BashBleed / ShellShock vulnerability for RSA Identity Management and Governance Platform (RSA IMG).

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000027867
Applies ToRSA Identity Management and Governance
SUSE SLES 11 SP3
Red Hat Linux RHEL 5
IssueHow to apply fix for BashBleed / ShellShock vulnerability for RSA Identity Management and Governance Platform (RSA IMG).
Resolution

This document contains instructions for downloading, installing and running the ShellShock Fix for RSA Identity Management and Governance Platform (RSA IMG).


The audience for this document is the RSA IMG administrator.


Support


For technical support, contact support@RSA.com.


System Requirements


This fix supports RSA IMG appliance running the following operating systems:


?        SUSE SLES 11 SP3


?        Red Hat Linux RHEL 5


Note: If you are running a Soft Appliance, you should receive a BashBleed / ShellShock vulnerability patch directly from your operating system vendor. Contact support if you have any questions.


Download and Apply the Fix


Applying the fix requires a reboot of the appliance to ensure that any Bash dependent services are running the latest version installed from the update. Plan accordingly for any downtime.


Procedure


1.      Determine which operating system is installed on your RSA IMG appliance.


Log on to the appliance as root, and look for one of the following files in the /etc directory:


?        SuSE-release, which indicates that the operating system is SUSE SLES 11 SP3


?        redhat-release, which indicates that the operating system is Red Hat Linux RHEL 5


2.      Download the appropriate fix for the operating system and copy it to the /tmp directory on the appliance.


?        For SUSE, download RSA_IMG-ShellShock_Fix-SLES11_SP3_64-bit.zip


?        For Red Hat, download RSA_IMG-ShellShock_Fix-RHEL5_64-bit.zip.


3.      Change to the /tmp directory. Type:


cd /tmp/


4.      Extract the fix from the .zip file. Type:


unzip RSA_IMG-ShellShock_Fix-*_64-bit.zip


5.      Run the following command to install the fix:


rpm -Uiv /tmp/RSA_IMG-ShellShock_Fix-*_64-bit/*.rpm


6.      Reboot the appliance. Type:


init 6


Verify the Fix


Procedure


1.      Log on to the appliance as root.


2.      Run the following command:


env x='() { :;}; echo vulnerable' sh -c "echo this is a test"


3.      Review the message that message that displays to determine whether or not the system is still vulnerable. If the system is still vulnerable, contact Customer Support for assistance.


If you see the following message, the system is no longer vulnerable:


sh: warning: x: ignoring function definition attempt


sh: error importing function definition for `x'


this is a test


If you see the following message, the system is still vulnerable:


vulnerable


this is a test


4.      Run the following command:


cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo


5.      Review the message that message that displays to determine whether or not the system is still vulnerable. If the system is still vulnerable, contact Customer Support for assistance.


If you see the following message, the system is no longer vulnerable:


date


cat: /tmp/echo: No such file or directory


If you see the following message, the system is still vulnerable:


bash: x: line 1: syntax error near unexpected token `='


bash: x: line 1: `'


bash: error importing function definition for `x'


<timestamp>


Where <timestamp> is the date and time that you ran the command.

Legacy Article IDa68030

Attachments

    Outcomes