Bash Security Alert September 2014

Summary

A security vulnerability in bash, the command-line shell used by the Linux operating system, could leave systems running Linux open to exploitation by specially crafted attacks.

Epicor’s Response

We have reviewed the Eclipse software and verified that none of our products are directly affected by this vulnerability.

Customer Action

While the Eclipse software is not directly affected by this vulnerability, we highly recommend that our customers take the following actions to safeguard their servers:

  1. Install the bash software update as soon as possible, using the command
    yum update bash
  2. Do not make the Linux server directly accessible on the Internet. Use a VPN to remotely access the server.
  3. Continue to install Red Hat software updates on a regular basis.

For more information, please read the following articles on Red Hat’s website:

FAQ

Q. Are web services that indirectly access the Linux database server affected?

A. No. Eclipse doesn’t use the affected Apache web server on Linux. Web services that use fastcgi (e.g. WOE, Web Integration) that run on the Windows IGATE server access the UniVerse SOCKET server, which isn’t affected. Web services that access JBoss on the database server (e.g. POD, JM) aren’t affected.

Q. The yum update tool is not working. Can I manually install the updated bash software?

A. Yes, you may use one of the alternative mirrors below:

For servers running RHEL 5:

rpm -Uvh http://f.cl.ly/items/0v0V430R0b3a3j3M4344/bash-3.2-33.el5_11.4.x86_64.rpm

For servers running RHEL 6:

rpm -Uvh http://f.cl.ly/items/3p083T2f1j3b191x423d/bash-4.1.2-15.el6_5.2.x86_64.rpm

Q. How do I test to see if my server is vulnerable?

A. Run this command:

env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'

If you see the word “vulnerable” echoed back, then your system needs to be updated. If you only see “this is a test,” then your system has been patched.
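
A scripted form of the test above, as an added example that is not part of the original article: it runs the same probe against each bash binary it is given (a server can carry more than one copy) and classifies the result. The function names and the default path list are assumptions of this example.

```sh
#!/bin/sh
# Added example: scripted version of the article's manual test.
# probe_bash, audit_bash and the default path list are assumptions.

# probe_bash PATH -> prints "vulnerable", "patched" or "error"
probe_bash() {
    target=$1
    [ -x "$target" ] || { echo error; return 0; }
    # Same probe as the article: variable x holds a function definition
    # followed by a trailing command. A patched bash ignores the trailer.
    out=$(env x='() { :;}; echo vulnerable' "$target" -c 'echo this is a test' 2>/dev/null)
    case $out in
        *vulnerable*)     echo vulnerable ;;
        "this is a test") echo patched ;;
        *)                echo error ;;
    esac
}

# audit_bash [PATH...] -> prints one "status path" line per binary found;
# returns 1 if any binary is vulnerable, 0 otherwise.
audit_bash() {
    [ $# -gt 0 ] || set -- /bin/bash /usr/bin/bash /usr/local/bin/bash
    rc=0
    for candidate in "$@"; do
        [ -e "$candidate" ] || continue
        status=$(probe_bash "$candidate")
        echo "$status $candidate"
        if [ "$status" = vulnerable ]; then
            rc=1
        fi
    done
    return $rc
}
```

Run `audit_bash` with no arguments to check the default locations, or pass explicit paths; a non-zero exit status means at least one copy still needs the update.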

Assign an IP address to your new Red Hat Linux server

1. Log in to the server using root for the username and abc123 for the password.

2. On the Linux command prompt, the IP address is assigned through a network configuration window. This window can be invoked by selecting the network configuration submenu from the setup command:

setup

3. This will launch a new window. Select network configuration.

4. A new window will show all available LAN cards. Select your LAN card (if you don’t see any LAN card here, the driver is not installed). Choose the network card you want to set (usually eth0).

5. Assign the IP address in this box and click OK.

6. Click OK, then quit, and quit again to return to the root prompt. Changes made in the network configuration will not take effect until you restart the LAN card.

7. Now type service network restart from the prompt.

8. Type ifconfig to confirm the settings have changed.

Upgrading from RHEL 5 to 6

Here are answers to some common questions regarding upgrades from RHEL 5 to 6:

When I update the software using “yum,” will it upgrade me to the newest version?

It will only update you to the latest “minor” version (e.g. 5.9 to 5.10). It will not upgrade you to a new major version (e.g. 5.9 to 6.5).

Why would I want to upgrade to RHEL 6?

If you are on RHEL 5, you may stay on RHEL 5. Red Hat will provide technical support and updates for RHEL 5 until 3/31/17, and UniVerse will support it through 11.2.

If you are on RHEL 5, but you are moving to a new server, we recommend that you use the opportunity to migrate to RHEL 6 on the new server.

Can I perform an “in place” upgrade from RHEL 5 to 6?

No. Here’s Red Hat’s policy on “in place” upgrades:

Red Hat does not support in-place upgrades between any major versions of Red Hat Enterprise Linux. A major version is denoted by a whole number version change. For example, Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.5 are both major versions of Red Hat Enterprise Linux.
In-place upgrades across major releases do not preserve all system settings, services or custom configurations. Consequently, Red Hat strongly recommends fresh installations when upgrading from one major version to another.

The recommended procedure is to perform a clean installation of RHEL 6, followed by clean installations of the Eclipse software packages (e.g. UniVerse, VSI-FAX), and finally restore the OS configuration data (e.g. users, passwords, printers, email relay settings) and database.

For more information, see these Red Hat articles:

I need to upgrade to RHEL 6 for another reason. Can Eclipse help?

If you need to upgrade from RHEL 5 to 6 for some reason (e.g. backup software requires RHEL 6), and you are not moving to a new server, the Eclipse team can help with the upgrade process. Please contact your account manager for more information.

I am getting the error “Windows can’t open this file:” when installing Solar

This repair procedure works only for Windows Vista/W2008/W7-32/W7-64/W832/W864

1. Click Start.
2. Click Control Panel.
3. Click Programs.
4. Click Default Programs.
5. Click Associate a file type or protocol with a program.
6. Click extension jnlp.
7. Click Change program.
8. Select javaws or navigate to C:\Program Files\java\jre8\bin\javaws.exe


How to Configure Postfix Relay with Microsoft Office365

Many customers use hosted Office 365 for outbound email. There are different ways to set this up, but some customers have had success with this method. It requires that you know or find the public IP address that your Eclipse server's traffic comes from. If you have issues with this setup, you must call Microsoft or whoever supports your Office 365 solution.

  • Log on to the Office 365 Portal.
  • Select Domains. Highlight one of your domains and use the wizard to obtain your MX record. The MX record will look similar to contoso.com.mail.protection.outlook.com. Make a note of the MX record for later.
  • In the upper right, select Admin and then select Exchange from the drop down.
  • In the Exchange Admin Center, select Mail Flow > Connectors.
  • Create an inbound connector.
  • Give the connector a name (example: Eclipse relay).
  • Select On-Premises for the Connector Type.
  • Under Domains, add a single asterisk (*). This will allow sending to any domain. Don’t add anything else.
  • In the IP Addresses section, add the public IP address your Eclipse server comes from.
  • Leave all the other fields with their default values and select Save.
  • In the DNS for your domain, we suggest that you modify your SPF record to include the IP address. The finished string should look similar to this: v=spf1 ip4:10.1.2.3 include:spf.protection.outlook.com ~all where 10.1.2.3 is your public IP address. Skipping this step could cause email to be sent to recipients’ junk mail folders.
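
An offline sanity check for the SPF string described in the last step, as an added example that is not part of the original article: it confirms that a record authorises the server's public IP through an ip4 term (with or without a CIDR suffix), includes the Office 365 sender list, and ends with a restrictive all term. The function names are assumptions, and ip4 terms are assumed to be well-formed dotted quads.

```sh
#!/bin/sh
# Added example: function names are assumptions of this example.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# spf_check RECORD SERVER_IP -> prints findings; returns 0 only if the record
# covers SERVER_IP with ip4, includes Office 365, and ends in a usable all term.
spf_check() {
    record=$1; server=$2; ip_ok=no; o365_ok=no; all_term=none; rc=0
    case $record in
        "v=spf1 "*) ;;
        *) echo "FAIL: not an SPF record (must start with v=spf1)"; return 1 ;;
    esac
    set -f                      # terms such as ?all must not be glob-expanded
    for term in $record; do
        case $term in
            ip4:*)
                net=${term#ip4:}; bits=32
                case $net in */*) bits=${net#*/}; net=${net%/*} ;; esac
                mask=$(( $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
                if [ $(( $(ip_to_int "$net") & $mask )) -eq $(( $(ip_to_int "$server") & $mask )) ]; then
                    ip_ok=yes
                fi ;;
            include:spf.protection.outlook.com) o365_ok=yes ;;
            all|[+?~-]all) all_term=$term ;;
        esac
    done
    set +f
    [ "$ip_ok" = yes ]   || { echo "FAIL: no ip4 term covers $server"; rc=1; }
    [ "$o365_ok" = yes ] || { echo "FAIL: include:spf.protection.outlook.com missing"; rc=1; }
    case $all_term in
        none)     echo "FAIL: no terminating all mechanism"; rc=1 ;;
        all|+all) echo "FAIL: $all_term authorises every sender"; rc=1 ;;
        *)        echo "OK: policy for other senders is $all_term" ;;
    esac
    return $rc
}
```

For example, `spf_check 'v=spf1 ip4:10.1.2.3 include:spf.protection.outlook.com ~all' 10.1.2.3` succeeds, while the same record checked against a different server address reports the missing ip4 coverage.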

Once this is complete, the Eclipse UNIX/Linux team can assist with editing what your Eclipse server points to for outbound email (sendmail or postfix).