Shellshock Bash Vulnerability

The recently discovered Shellshock Bash security hole is causing concern and alarm among users of Unix and Linux platforms. The vulnerability is in the Bash shell, which is used by a large number of packages in a variety of ways. Among other things, Shellshock exposes any platform that acts on DHCP packets from a potentially malicious DHCP server. Swarm does not allow SSH or expose a shell directly, nor does it use Bash when interpreting HTTP headers and query arguments. However, the DHCP exploit could expose Swarm nodes when DHCP is used during the boot process if those nodes are on the public internet.

We have made a patch release of Swarm, v7.1.3, that upgrades to a new version of Bash, where the Shellshock hole has been fixed. You may download this from our website. The Cloudscaler demo VM will be updated to this version in a few days.

If a CFS server was installed using the Quickstart ISO (contact support), the update should be supplied by the default CentOS repository. Instructions are below.

Several Swarm products also run on Linux platforms maintained by third-party partners and customers. We recommend that you upgrade these platforms to later versions of Bash that close this hole. See https://access.redhat.com/articles/1200223 on how to test whether Bash is vulnerable. On CSN, this will require first unlocking and then relocking the platform distribution.

Instructions are below.

Many of you will have plans for responding to the Shellshock Bash security hole that rely on firewalls and other network protection to secure internal servers, including those running Swarm products. The patched releases and remedial steps above are most urgent for servers exposed to the public internet. Please contact DataCore Support if you have any questions about your own response plan.

Instructions for removing CSN version lock in order to update bash:

1. Disable the version lock by editing /etc/yum/pluginconf.d/versionlock.conf and setting enabled = 0.

2. Update bash, e.g.: yum -y update bash

3. Enable the version lock by editing /etc/yum/pluginconf.d/versionlock.conf and setting enabled = 1.

4. Re-write the versionlock list by running rpm -qa | grep -v caringo >/etc/yum/pluginconf.d/version
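Steps 1 to 3 above can be scripted so that the version lock is always restored, even when the update fails. The following is an added example, not DataCore code: the function names and the --apply switch are assumptions, and step 4 is left to be run by hand as written above.

```shell
#!/bin/sh
# Added example, not vendor code. CONF is the path given in the steps above;
# point it at a copy of the file to rehearse the change first.
CONF="${CONF:-/etc/yum/pluginconf.d/versionlock.conf}"

# set_versionlock 0|1 [file]: rewrite the plugin's "enabled" key in place.
set_versionlock() {
    state="$1"; file="${2:-$CONF}"
    case "$state" in 0|1) ;; *) echo "state must be 0 or 1" >&2; return 2 ;; esac
    grep -Eq '^[[:space:]]*enabled[[:space:]]*=' "$file" || {
        echo "no enabled= line in $file" >&2; return 1; }
    tmp="$(mktemp "${file}.XXXXXX")" || return 1
    # Write back with cat so the file keeps its owner and mode.
    sed -E "s/^[[:space:]]*enabled[[:space:]]*=.*/enabled = ${state}/" "$file" >"$tmp" &&
        cat "$tmp" >"$file"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# versionlock_state [file]: print the current value of "enabled" (0 or 1).
versionlock_state() {
    sed -nE 's/^[[:space:]]*enabled[[:space:]]*=[[:space:]]*([01]).*/\1/p' \
        "${1:-$CONF}" | tail -n 1
}

# update_bash_unlocked: steps 1 to 3. The lock is restored even when yum
# fails or the run is interrupted, so the platform is never left unlocked.
update_bash_unlocked() {
    before="$(rpm -q bash)"
    set_versionlock 0 || return 1
    trap 'set_versionlock 1; exit 130' INT TERM
    yum -y update bash; yum_rc=$?
    trap - INT TERM
    set_versionlock 1 || { echo "version lock is still disabled" >&2; return 1; }
    [ "$(versionlock_state)" = 1 ] || return 1
    echo "bash package: ${before} -> $(rpm -q bash)"
    return "$yum_rc"
}

# Runs only on request, so sourcing this file changes nothing.
if [ "${1:-}" = "--apply" ]; then
    update_bash_unlocked
fi
```

Run it as root with --apply on the CSN; a non-zero exit status means yum failed or the lock could not be confirmed as re-enabled.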

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.