parallels cloud server bash vulnerability

Resolving Bash vulnerability in Parallels Virtuozzo Containers

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

Highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is not yet known to be available for Parallels Virtuozzo Containers and Parallels Cloud Servers.

If you have Virtuozzo or Parallels Cloud Server, the individual containers will have Bash; and if you haven’t expressly patched it, assume that your server is vulnerable to hack. Containers typically operate with CGI modules, and they could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)