[Koha] Shellshock
Paul A
paul.a at navalmarinearchive.com
Sat Sep 27 10:39:20 NZST 2014
At 02:28 PM 9/26/2014 -0400, Steven Nickerson wrote:
>With the finding of the most recent "Shellshock" vulnerability with the BASH
>shell, I'm wondering If Koha uses the BASH shell in any way? I'm pretty
>sure it does not, but just wanted to make sure. I realize that the Linux
>system Koha is running on likely has the BASH shell that probably has the
>vulnerability, but I'm just trying to ascertain if a potential hacker could
>get to system through the Koha application.
It's fairly trivial (less than a minute per box Debian/Ubuntu; surely RHEL
has something equivalent) to install the (perhaps not final) patch:
apt-get install bash
Then verify with:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
Best -- Paul
More information about the Koha
mailing list