Best answer by dlink7
Regardless of the patch, keeping managment seperated is the first step. You can also use iptables on the CVM to restrict traffic.
View original
Shellshock Bash Vulnerability
It looks like my CVM's running 4.0.1.1 are vulnerable to the now hyped-up CVE-2014-6271. What is the official Nutanix stance on remediating the vulnerability - should I wait for an NOS hotfix or can I pull down the relevant CentOS patch?
Userlevel 1
+9
- Nutanix Employee
- 14 replies
-
29 September 2014
Hello, It is not supported to apply patches from other sources. Also, please note the field advisory that went out for Shellshock: FIELD ADVISORY #0023 - https://s3.amazonaws.com/ntnx-portal/alerts/Nutanix-Field-Advisory_0023.pdf - posted on our support.nutanix.com site as well.. Thanks!
+3
I think so!
It may be possible but it's definitely not supported/recommended.
+3
Is it possible to apply the official CentOS bash not vulnerable packeage on the CVM?
You can check it with something like:
env VAR='() { :;}; echo I am vulnerable!' bash -c "echo Bash Test"
Just finish to fix a lot of CentOS boxes with bash-4.1.2-15.el6_5.2.x86_64
Cheers,
Rick
You can check it with something like:
env VAR='() { :;}; echo I am vulnerable!' bash -c "echo Bash Test"
Just finish to fix a lot of CentOS boxes with bash-4.1.2-15.el6_5.2.x86_64
Cheers,
Rick
Userlevel 4
+21
- Nutanix Employee
- 144 replies
-
26 September 2014
- Answer
Regardless of the patch, keeping managment seperated is the first step. You can also use iptables on the CVM to restrict traffic.
Per conversation with my SRE, it sounds like Nutanix will be pulling the hotfix down from CentOS and porting it into an upcoming release. Specific timing should be disclosed later today.
Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.