BASH vulnerability in RHEL based systems
Posted by Anthony N on 24 September 2014 10:29 PM
There is a reported vulnerability for BASH on RHEL based distributions. This affetcs the following versions
Red Hat Enterprise Linux 4/5/6/7
We have pushed the patch for this vulnerability to whole servers that we directly manage via ntServerGuard. The patch will be applied to whole servers with ntServerGuard in next few hours. For servers running without ntServerGuard, we have pushed updates manually. If you notice BASH is older on your server, please feel free to contact support.
PS :- We are aware that the security flaw is not completely fixed yet. We will keep an eye on it and we will deploy the changes as soon as the update is available.
WHAT WE HAVE DONE TO THIS
1. Deployed the BASH update to all servers as soon as the initial patch was available
2. When news were coming out saying it was an incomplete patch, mod_sec rule recommended by RedHat was deployed via ntServerGuard to prevent exploit via HTTP
3. When complete fix was availale, pushed the update via ntServerGuard