000017204 - How to install the Shellshock Security Patch on RSA DLP 9.5 and 9.6 Network appliances

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000017204
Applies ToRSA Data Loss Prevention
RSA DLP Network 9.5.x
RSA DLP Network 9.6.x
Shellshock Vulnerability
CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277
CVE-2014-6278
Bash
IssueHow to install the Shellshock Security Patch on RSA DLP 9.5 and 9.6 Network appliances.
Resolution

In order to protect against multiple bash vulnerabilities that have come to light, RSA has provided a Shellshock Security Patch for CentOS-based Data Loss Prevention appliances and virtual machines.  Follow the steps below to confirm that the vulnerability is present and to patch it accordingly.

 

Confirm that the Vulnerability is Present

  1. Open an SSH session to the network appliance or virtual machine.

  2. Login as tablus and note the version of DLP (9.5.1xxx.xxx or 9.6.1xxx.xxx).

  3. Exit to a shell prompt (Option 6 then Option 1).

  4. Run the following command line to observe the vulnerability:  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output is similar to the example below (with the word "vulnerable" being echoed), this indicates that the appliance or virtual machine requires the patch.

vulnerable
this is a test

 

 

Download and Apply the Security Patch

  1. Download the Shellshock Security Patch from the SecurCare Online (SCOL) portal.

  2. Unzip the dlp_shellshock.zip file that is downloaded, in which will be two RPM packages:  bash-3.2-33.el5_11.4.i386.rpm and bash-4.1.2-15.el6_5.2.x86_64.rpm

  3. Verify the CentOS version on the appliance where the patch will be applied by connecting to the appliance via SSH as the root user and issuing the uname -a command.
         NOTE:  CentOS 5 appliances will display el5 in the version, whereas CentOS 6 will display el6.

  4. If necessary, install the appropriate CentOS GPG certificate from the CentOS repository.
         CentOS 5:  rpm --import http://mirror.centos.org/centos-5/5.11/os/i386/RPM-GPG-KEY-CentOS-5
         CentOS 6:  rpm --import http://mirror.centos.org/centos-6/6.5/os/x86_64/RPM-GPG-KEY-CentOS-6

  5. After confirming the CentOS version on the appliance, use WinSCP or your preferred FTP client to transfer the appropriate package to the /tmp directory on the appliance.

  6. On the appliance, switch to the root user by issuing the su command and entering the password at the prompt.

  7. Navigate to the /tmp directory by issuing the cd /tmp command.

  8. Issue the appropriate command below to install the Shellshock Security Patch.
         CentOS 5:  rpm -Fvh bash-3.2-33.el5_11.4.i386.rpm
         CentOS 6:  rpm -Fvh bash-4.1.2-15.el6_5.2.x86_64.rpm

  9. Verify that the new version has been installed by issuing the following command:  rpm -qa | grep bash

  10. Follow the instructions in the previous section to verify that the word "vulnerable" is no longer being echoed.

  11. Remove the RPM files from the /tmp directory.
         CentOS 5:  rm /tmp/bash-3.2-33.el5_11.4.i386.rpm
         CentOS 6:  rm /tmp/bash-4.1.2-15.el6_5.2.x86_64.rpm

  12. Type the command exit to return to the tablus user.

  13. Type the command tabmenu to get into the tablus menu.

  14. Choose Option 6 then Option 3 to reboot the appliance or virtual machine.
         CAUTION:  If the appliance or virtual machine is an Interceptor or ICAP server then there will be a service interruption for end-users.

  15. Repeat steps 3-14 for all other appliances and/or virtual machines running RSA DLP 9.5.x or 9.6.x.

 

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

NotesFor a comprehensive list of RSA Products and how they are affected by these bash vulnerabilities, along with their remediation status, refer to the knowledgebase article Bash bug Vulnerability (Shellshock) in RSA products.
Legacy Article IDa68112

Attachments

    Outcomes