Security advisory: "Shellshock" and "Aftershock" Vulnerability


There are two BASH security vulnerabilities called “Shellshock” CVE-2014-6271 and "Aftershock" CVE-2014-7169 that may affect customers of Aspera On Demand version 3.4.6 and earlier. "Aftershock" is due to an incomplete fix for "Shellshock," but both these vulnerabilities essentially allow attackers to remotely control any system using a Bash shell version 4.3 and earlier. Customers who have Aspera On Demand products 3.4.6 and earlier, a Bash shell 4.3 and earlier, and that run on Linux are vulnerable and should take the following steps to mitigate the security issue.  

Mitigation Steps

(1) Connect to your AMI host from a Terminal/Command Prompt via SSH as root:

        # ssh -i [customer's pem] -p 33001 [ec2-user]@[ec2 host IP]
        # sudo su -


2) Update the system by running  the following command:

# yum update bash 
Powered by Zendesk