Environment
Novell Service Desk Appliance versions 6.5.4, 7.0, 7.0.1, 7.0.2, 7.0.3
Situation
Shellshock, also known as Bashdoor, is a security vulnerability in the widely used Linux/Unix Bash shell. Novell Service Desk Appliance is affected by this security vulnerability. For more details on this, please visit http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29
Further information regarding these security issues can be found here:
- https://support.novell.com/security/cve/CVE-2014-6271.html
- https://support.novell.com/security/cve/CVE-2014-6277.html
- https://support.novell.com/security/cve/CVE-2014-6278.html
- https://support.novell.com/security/cve/CVE-2014-7169.html
- https://support.novell.com/security/cve/CVE-2014-7186.html
- https://support.novell.com/security/cve/CVE-2014-7187.html
For Novell Service Desk running on SLES operating system, please refer to TID 7015702, which provides specific instructions on how to apply the patch to the Operating System to address this issue.
For Novell Service Desk Virtual Appliance, please use the information provided in this document in order to overcome this vulnerability.
Resolution
The patch can be downloaded from download.novell.com under Service Desk product section or by clicking on the link to the shellshock_nsdpatch.sh here.
This patch applies only to Novell Service Desk Virtual Appliance. On the other hand, this patch will also be automatically included in any future update for Novell Service Desk Appliance.
This patch applies only to Novell Service Desk Virtual Appliance. On the other hand, this patch will also be automatically included in any future update for Novell Service Desk Appliance.
Additional Information
Setting Root Password (Skip this step if root password is already set)
If the root password was not set during deployment.
Transfer the patch script:
Transfer/copy shellshock_nsdpatch.sh to NSD Appliance using sftp/scp/winscp to /tmp
Update the rpm packages :
Login into the appliance as root user and execute the following command to update the packages.
Verify the installation :
In order to verify the Updates are Applied, use the following commands and compare the outputs.
If the root password was not set during deployment.
Login to Appliance console via ESx client(vSphere) and
select Appliance -> option 1
select Change root password -> option 7
select Enter new password -> option 1
Transfer the patch script:
Transfer/copy shellshock_nsdpatch.sh to NSD Appliance using sftp/scp/winscp to /tmp
Update the rpm packages :
Login into the appliance as root user and execute the following command to update the packages.
# cd /tmp
# ./shellshock_nsdpatch.sh
Verify the installation :
In order to verify the Updates are Applied, use the following commands and compare the outputs.
# rpm -qa | grep bashIf there are any issues in applying this patch, please contact Novell technical support for assistance.
bash-3.2-147.14.22.1
# rpm -qa | grep libreadline5
libreadline5-32bit-5.2-147.14.22.1
libreadline5-5.2-147.14.22.1