Vicibox has the bash bug

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

Vicibox has the bash bug

Postby mcargile » Fri Sep 26, 2014 10:32 am

As the Shellshock BASH bug that is in the news has been around for over 20 years, all versions of Vicibox are effected. Vicibox 5 and 6 have patched versions of bash available which were released last night. Run the following two commands to get the updates:

Code: Select all
zypper refresh
zypper up


If you get any messages while running those two commands read them carefully. Once done reboot the server then log in and copy the following to the command line and run it:

Code: Select all
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"


If the updates were not successful you will see this:

Code: Select all
vulnerable
this is a test


If it was successful you will just see this:

Code: Select all
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test


If you are running a version of Vicibox older than 5, you should seriously think about updating.
Michael Cargile | Director of Engineering | ViciDialGroup | http://www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)
mcargile
Site Admin
 
Posts: 614
Joined: Tue Jan 16, 2007 9:38 am

Re: Vicibox has the bash bug

Postby williamconley » Fri Sep 26, 2014 2:34 pm

I've actually found this on servers since Vicibox 2. But not in the Old Ubuntu distro.

And while I agree that a zypper up is a good idea (no use leaving the door open even if no one can get to that floor, LOL), I've not yet heard of an exploit or vulnerability that applies to php/mysql/apache/etc in Vicidial unless someone activates CGI (at this point).

Whitelisting (even after this upgrade) is still my strongest suggestion. Those who have NO access to your server should have no capability to even test for vulnerabilities.

viewtopic.php?f=7&t=33527&p=114163#p114163
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: No registered users and 64 guests