Avaya Linux Bash patch for signaling server

Status
Not open for further replies.

mb58

Technical User
Oct 29, 2014
7
US
We are currently on the 7.0 platform on our CS1000. We have 2 Linux-based signaling servers and 2 Linux-based NRS servers. The Shellshock vulnerability through BASH on the Linux boxes. Avaya is suggesting an upgrade from 7.0 to 7.6. Could we simply update bash on the Linux side without upgrading everything to 7.6? This would help in the short term – at least we won’t be vulnerable to Shellshock.
 
I have not seen a bash patch for 7.0. Only 7.5 and 7.6.
 
Thanks KCFLHRC, that's what I've seen thus far from Avaya - was just wondering, since this is a vulnerability with the bash shell of the Linux OS, if patching could be done only to the Linux OS (using a patch available on the Red Hat site) without updating, at least at this point, our Avaya CS1000 rel. 7.0. Has anybody done this or thought of trying?
 
I wouldn't put in a Linux patch not on the Avaya website. The result could be an inoperable system.
 
My first thought is indeed just that. But I am curious to see if anyone else has given this thought or done it.
 
You can try to do this; it worked for me on other Red Hat systems:

Take this information from your CS1000 Linux systems:

1-
[root@madrid bin]# uname -a
Linux XXXXXXXX 2.6.18-53.el5 #1 SMP Wed Oct 10 16:34:02 EDT 2007 i686 i686 i386 GNU/Linux
2-
Then you can do a "/bin/bash -version"
GNU bash, version 3.1.17(1)-release (i686-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
3- and finally:
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.1 (Tikanga)

With the information found here, try to find a bash patch on the Red Hat site for the Red Hat release on your CS1000 that could work with the kernel. If you have the 7.0 version of CS1000, it is possible that bash-3.2-24.el5_6.2 is enough to replace the bash you have.

As you have no possibility of using yum and cannot compile from source code on your CS1000, you can install Red Hat 5.1 with the same kernel as your CS1000 (in the examples, 2.6.18 is enough to identify your kernel), update bash with yum to the latest version it offers, copy /bin/bash to /bin/bash_old on your CS1000, and copy /bin/bash from the installed Red Hat 5.1 to /bin/bash on your CS1000.

After these operations you can successfully pass the tests for Shellshock.

This is the only alternative I know; the other way is to follow the Avaya recommendations, which make you change to the 7.6 version.

Hope this information is useful!
 
admindsi
update:
#1 results of uname -a are…
Linux xxxxx.xxxx.xxxx.org 2.6.18-164.11.1.el5PAE #1 SMP Wed Jan 6 13:43:57 EST 2010 i686 i686 i386 GNU/Linux

#2 results of bash -version are…
3.2.25(1)

#3 results of cat /etc/redhat-release are…
Red Hat Enterprise Linus Server release 5.3(Tikanga)

Results of rpm -qa bash are…
3.2-24.e15


Would a command like “yum update bash” work for us? Or is yum stripped out of this Nortel version of Linux? These Linux boxes we are talking about can get out to the Internet - would we be able to update this way?

 
mb58

yum has been stripped out (the installation directory for yum is empty), and I don't recommend a complete installation from a package on a system as pre-configured as the CS1000.

That's why I said "As you have no possibility of using yum and cannot compile from source code on your CS1000, you can install Red Hat 5.1 with the same kernel as your CS1000 (in the examples, 2.6.18 is enough to identify your kernel), update bash with yum to the latest version it offers, copy /bin/bash to /bin/bash_old on your CS1000, and copy /bin/bash from the installed Red Hat 5.1 to /bin/bash on your CS1000."

By "install Red Hat 5.1 with the same kernel" I meant on another PC.

I suggest you copy /bin/bash to /bin/bash_old on your CS1000, take the /bin/bash from the file attached to this post, and copy it to /bin/bash on your CS1000.
Be careful with the new /bin/bash file permissions; they have to be the same as the old /bin/bash.
This is a bash executable that works fine on a kernel_2.6.18.xxx. That's the easiest way to upgrade your bash to protect you from Shellshock. After that you can do the tests for Shellshock to confirm it's OK.

Good luck...


 
 http://files.engineering.com/getfile.aspx?folder=513ab6b0-3687-4145-a7b7-7b9227e23697&file=bash.zip
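
An added example, not part of any post in this thread: a pre-swap check for the manual replacement described above. It confirms that a candidate bash binary actually executes on the box, that it does not run a command appended to a function definition in an environment variable (the widely published Shellshock check), and that its mode and ownership match the current /bin/bash. The function names, the marker string and the use of GNU `stat -c` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: vet a replacement bash binary before copying it over /bin/bash.
# Function names and the marker string are assumptions made for this sketch.

MARKER="SHELLSHOCK_PROBE_HIT"

# Print "broken", "vulnerable" or "patched" for the shell binary at $1.
probe_bash() {
    candidate=$1
    # The variable holds a function definition followed by a trailing command.
    # An unpatched bash executes the trailing command while importing it.
    out=$(env "x=() { :;}; echo $MARKER" "$candidate" -c 'echo probe_ran' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo vulnerable ;;
        *probe_ran*) echo patched ;;
        *)           echo broken ;;   # did not execute: wrong arch or libc
    esac
}

# Succeed only if mode, owner and group of $1 match those of $2.
same_perms() {
    [ "$(stat -c '%a %u %g' "$1")" = "$(stat -c '%a %u %g' "$2")" ]
}

# Decide whether candidate $1 may replace current shell $2.
vet_replacement() {
    state=$(probe_bash "$1")
    if [ "$state" != patched ]; then
        echo "reject: candidate is $state"; return 1
    fi
    if ! same_perms "$1" "$2"; then
        echo "reject: mode/owner differ from $2"; return 1
    fi
    echo "ok: candidate runs, is patched, permissions match"
}

# Usage: sh vet_bash.sh /tmp/bash.new /bin/bash
if [ "$#" -eq 2 ]; then
    vet_replacement "$1" "$2"
fi
```

The probe covers only the original function-import check, so a binary that passes it still needs its origin confirmed, for example by extracting it from a signed Red Hat package.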