Shellshock bash exploit and AsteriskNOW

Get help with installing and running AsteriskNOW.

Moderators: Moderator, Support

Shellshock bash exploit and AsteriskNOW

Postby chinkle » Tue Sep 30, 2014 9:15 am

There have been no compromises reported relating to this issue on AsteriskNOW systems.

The "shellshock" bash exploit affects AsteriskNOW due to the underlying Linux system the distro is built on. Asterisk itself requires no action. In fact, this issue has been around for many years without incident.
Most AsteriskNOW systems are deployed behind firewallls with various security implementations that prevent this from being an issue. Internet facing devices are currently the biggest concern.

The "shellshock" bash exploit has been patched in the latest AsteriskNOW distro release (5.211.65-18), but there is ongoing debate as to whether the current patches to bash are complete. Please monitor the forum if you have concerns regarding "shellshock".

To patch existing AsteriskNOW installations simply update bash: yum update bash

For additional details:
http://community.freepbx.org/t/cve-2014 ... loit/24431
chinkle
Newsterisk
 
Posts: 3
Joined: Thu Apr 10, 2014 2:13 pm

Return to AsteriskNOW Support

Who is online

Users browsing this forum: No registered users and 1 guest