Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84828members
354281posts

PCNS 3.1 OVF10 ova..... is it vulnerable to the BASH shellshock Linux Exploit.

APC UPS Data Center & Enterprise Solutions Forum

Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.

Solved
jasonblake7_apc
Crewman
Crewman
0 Likes
5
299

PCNS 3.1 OVF10 ova..... is it vulnerable to the BASH shellshock Linux Exploit.

This was originally posted on APC forums on 9/26/2014


Hi Guys.

IS the PCNS 3.1 OVF10 ova VA vulnerable to the BASH shellshock Linux Exploit.?

I assume it is as it is Linux based Server.

Has anyone got any ideas how to patch it if it is ?

Thanks


Accepted Solutions
BillP
Administrator Administrator
Administrator
0 Likes
0
299

Re: PCNS 3.1 OVF10 ova..... is it vulnerable to the BASH shellshock Linux Exploit.

This reply was originally posted by Anonymous on APC forums on 9/26/2014


Hello Jason,

When you deploy the virtual appliance initially, you are asked to give a password for the root. You need to log in to the appliance using root as username and the password you created.

Once logged into the virtual appliance, at the root prompt type yum update. It will automatically update. Screenshot is attached below (I hope it is readable).

2478_example.png

You can check your system after the patch update to check its vulnerability using the following command on the command line:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The patched system will output the following::

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x'

this is a test

2479_example2.png

I hope this is more clear.

Regards,

B

See Answer In Context

5 Replies 5
BillP
Administrator Administrator
Administrator
0 Likes
0
299

Re: PCNS 3.1 OVF10 ova..... is it vulnerable to the BASH shellshock Linux Exploit.

This reply was originally posted by Anonymous on APC forums on 9/26/2014


Hi Jason,

If you run "yum update" to update the appliance to use the patched version of bash.

Regards,

B

jasonblake7_apc
Crewman
Crewman
0 Likes
0
299

Re: PCNS 3.1 OVF10 ova..... is it vulnerable to the BASH shellshock Linux Exploit.

This was originally posted on APC forums on 9/26/2014


Hi QueenB...

How to you run the update ?

BillP
Administrator Administrator
Administrator
0 Likes
0
300

Re: PCNS 3.1 OVF10 ova..... is it vulnerable to the BASH shellshock Linux Exploit.

This reply was originally posted by Anonymous on APC forums on 9/26/2014


Hello Jason,

When you deploy the virtual appliance initially, you are asked to give a password for the root. You need to log in to the appliance using root as username and the password you created.

Once logged into the virtual appliance, at the root prompt type yum update. It will automatically update. Screenshot is attached below (I hope it is readable).

2478_example.png

You can check your system after the patch update to check its vulnerability using the following command on the command line:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The patched system will output the following::

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x'

this is a test

2479_example2.png

I hope this is more clear.

Regards,

B

jasonblake7_apc
Crewman
Crewman
0 Likes
0
299

Re: PCNS 3.1 OVF10 ova..... is it vulnerable to the BASH shellshock Linux Exploit.

This was originally posted on APC forums on 9/30/2014


Hi B...

thanks for the response.

The system updated ok from the Yum update command.

But when I try the command I do not get outputted the bash warnings as above. I only get "this is a test"

Any thoughts ?

BillP
Administrator Administrator
Administrator
0 Likes
0
298

Re: PCNS 3.1 OVF10 ova..... is it vulnerable to the BASH shellshock Linux Exploit.

This reply was originally posted by Bill on APC forums on 9/30/2014


Hi,

Be sure to type the command exactly. Adding or removing a space will cause the command not to run properly. In the below example the first time I ran the command I added a space between x=' () and the system returned this is a test. The second time I remove the space and the system reported it was vulnerable and this is a test since I have not run yum update yet. 

2480_pastedImage_0.png