WebMO - Computational chemistry on the WWW
Recent news

WebMO 15.0 is now available for free download!

WebMO 15.0 Pro and Enterprise have a variety of additional features and is available for purchase.

The WebMO app for iPad/iPhone is now available on the App Store.

August 17, 2019

Shellshock exploit?? Log Out | Topics | Search
Moderators | Edit Profile

WebMO Support Forum » WebMO Installation » Other » Shellshock exploit?? « Previous Next »

Author Message
John Keller
Unregistered guest
Posted on Wednesday, November 19, 2014 - 8:36 pm:   

Having just updated to WebMO 15, every job so far has failed with "shellshock exploit detected! exiting". These are all Linux machines running the latest updated versions (6.6) of CentOS.
John Keller
Unregistered guest
Posted on Wednesday, November 19, 2014 - 8:47 pm:   

Also, the patch correcting the Shellshock exploit was installed back in September on all these machines.
John Keller
Unregistered guest
Posted on Wednesday, November 19, 2014 - 9:29 pm:   

Also, programs (MOPAC, G09) run fine from the command line on several systems, logged on as the webmo user.
John Keller
Unregistered guest
Posted on Thursday, November 20, 2014 - 1:18 am:   

More - Downgrading to WebMO v. 14 does not help: same results and message.
JR Schmidt
Moderator
Username: Schmidt

Post Number: 435
Registered: 11-2006
Posted on Thursday, November 20, 2014 - 10:19 am:   

John,

This test can yield false positives under very unusual circumstances. You can remove the safety check by comment the associated line in globals.cgi.
JR Schmidt
Moderator
Username: Schmidt

Post Number: 436
Registered: 11-2006
Posted on Thursday, November 20, 2014 - 10:19 am:   

FYI it does NOT check for the patch, but rather checks for attempts to EXPLOIT the flaw. If your environmental variable defines strange functions (which is rare), this can happen.
John Keller
Unregistered guest
Posted on Thursday, November 20, 2014 - 1:06 pm:   

Which line is that exactly in globals.cgi? I have commented several different lines, with either no effect or if I comment the whole sub, webmo does not start.
JR Schmidt
Moderator
Username: Schmidt

Post Number: 437
Registered: 11-2006
Posted on Thursday, November 20, 2014 - 1:18 pm:   

You can merely comment the line:

&shellshock_test();

I am suspicious that you are running several versions of WebMO at once. You said that downgrading to WebMO 14 didn't fix the problem. Yet WebMO 14 didn't even contain this check. Make sure you only have a single version of WebMO installed.
John Keller
Unregistered guest
Posted on Thursday, November 20, 2014 - 6:39 pm:   

Commenting the shellshock_test line actually worked, but (as suggested by email) I also needed to update the remote servers to make sure they got the modified globals.cgi file from the webmo server. (Actually, just "updating" the servers did not work for me: I had to delete and re-add them.)

Add Your Message Here
Post:
Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Password:
E-mail:
Options: Post as "Anonymous"
Enable HTML code in message
Automatically activate URLs in message
Action:

Topics | Last Day | Last Week | Tree View | Search | Help/Instructions | Program Credits Administration