A mechanism for remote code execution through Bash has been widely reported yesterday and today (September 24, 2014.) http://seclists.org/oss-sec/2014/q3/650 Reported as CVE-2014-7169 or CVE-2014-6271
For reasons too stupid for me to explain in public, I am responsible for a server running RHEL 4 and with no update subscription. I could build a clone to test this, but I hope someone will have a direct answer.
- Has /bin/bash from Centos 4 been patched, or will it be?
- Can I just plop a (presumably patched) Centos 4 /bin/bash into my RHEL system as a workaround that will buy me several weeks? (I need until December 10)
No comments:
Post a Comment