
[EIT-P-C-201419] ManageOne Notice on Rectification for SUSE OS Bash Malicious Code Security Vulnerability


Warning ID: EIT-P-C-201419





Product Involved: ManageOne

Versions Involved:

    ManageOne V100R001C01 (BMS)
    ManageOne V100R001C02 (SSMC)
    ManageOne V100R002C00 (SSM)
    ManageOne V100R002C00 (UMP)
    ManageOne V100R002C10 (SSM)
    ManageOne V100R002C10 (OC)
    ManageOne V100R002C10 (SC)
    ManageOne V100R002C20 (OC)
    ManageOne V100R002C20 (SC)

Application Scope

All sites running any of the listed product versions.

Release Date


Manpower Required

One person day/site


Keyword: bash


[Trigger Conditions]

An attacker can craft specially formed Bash environment variables that bypass environment restrictions and cause shell commands to run. Some services and applications pass environment variables supplied by remote, unauthenticated attackers to Bash, so the malicious content reaches the shell without any authentication.


[Check Method]

Output on a system that contains the vulnerability (the string "vulnerable" is printed because the command appended to the function definition is executed when Bash starts):

    [root@localhost~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    vulnerable
    this is a test

Output on a system that does not contain the vulnerability (Bash refuses to import the function definition):

    [root@localhost~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test
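The check above, wrapped as a small POSIX shell script so it can be run uniformly on each active and standby server and the result recorded, is an added example and not code from the Huawei notice. The function names run_bash_check, classify_check_output and shellshock_status are chosen here; the script exercises only the environment-variable function-import vector described in this notice.

```shell
#!/bin/sh
# Added example (not part of the notice): runs the notice's check command
# against a Bash binary and classifies the captured output.

# Run the exact check from [Check Method] against the given Bash binary
# (default: the "bash" on PATH) and print its combined stdout and stderr.
run_bash_check() {
    bash_bin="${1:-bash}"
    env x='() { :;}; echo vulnerable' "$bash_bin" -c "echo this is a test" 2>&1
}

# Classify captured check output:
#   vulnerable - the trailing "echo vulnerable" ran when Bash started
#   patched    - Bash refused to import the function definition
#   unknown    - neither marker seen (e.g. bash missing or unexpected build)
classify_check_output() {
    out="$1"
    case "$out" in
        *vulnerable*)                            echo vulnerable ;;
        *"ignoring function definition attempt"*) echo patched ;;
        *)                                        echo unknown ;;
    esac
}

# Check one Bash binary: prints the verdict and returns 0 when patched,
# 1 when vulnerable, 2 when the result is inconclusive.
shellshock_status() {
    verdict=$(classify_check_output "$(run_bash_check "${1:-bash}")")
    echo "$verdict"
    case "$verdict" in
        patched)    return 0 ;;
        vulnerable) return 1 ;;
        *)          return 2 ;;
    esac
}
```

Run shellshock_status with no argument on each server after installing the patches; a non-zero return is the signal to stop and follow step 5 of the procedure.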



[Root Cause]

Attackers construct special environment variables whose value is a function definition followed by malicious code. When Bash starts and imports the variable as a function definition, it continues parsing past the function body and executes the appended code before any command passed to the shell is run.


[Impact and Risk]

Bash does not sufficiently validate the environment variables it imports, so attackers who can set those variables can construct values that execute malicious code.



[Solution]

Install the patches released on the SUSE official website.

Download address: http://support.novell.com/security/cve/CVE-2014-6278.html

You can also download the patches from the attachment to this notice.









Note: In active/standby deployment, perform the following operations on both the active and standby servers.

1.    Use PuTTY to log in to the server as user root through the management IP address.

2.    Run the following command to prevent a timeout logout of the remote access tool:


3.    Use WinSCP to upload all the rpm packages to the /opt directory on the server.

4.    Run the following commands to install the patches (package names are shown as they appear in the notice, with version suffixes truncated):

       cd /opt
       rpm -Uvh libreadline5-5.2-
       rpm -Uvh libreadline5-32bit-5.2-
       rpm -Uvh readline-doc-5.2-
       rpm -Uvh bash-3.2-
       rpm -Uvh bash-doc-3.2-

5.    Run the command in [Check Method] to verify that the vulnerability no longer exists. If it still exists, contact the Huawei R&D contact person for technical support.



R&D contact person:

Sun Shuchen 00120578

Tel: 18066503937

E-Mail: sunshuchen@huawei.com


[Approved By] PDT manager

PDT manager: Qi Guangyu 61298

Tel: 18025319877

E-Mail: qiguangyu@huawei.com