Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 3693 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

FileMaker Server uses Apache on OS X, and edits the configuration file ( /private/etc/apache2/httpd.conf ) and enables apache.   This means that if one is running filemaker server, one is (usually) running apache.  The new 'shellshock' bug would seem to be a concern in this situation.

 

I'm running a few OS X servers that have FM Server and Apache running.  I've decided to stop apache this morning until I understand the risks.

 

Background on shellshock : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Posted

Is your FileMaker version 13 or 11?

 

If 13, then please upgrade your Profile to show your current Version of FileMaker, OS and Platform.

 

Here a quick link to your profile. MY PROFILE

Posted

Hi Lee - the profile doesn't let one choose multiple versions.   I'm running FMS 11 and FMS 13 on different machines.   I believe the vulnerability applies to any version of FMS which uses apache on Mac OS X, which I believe would cover 9, 10, 11, 12, and 13...

Posted (edited)

 the profile doesn't let one choose multiple versions. 

Your Profile should just reflect your current version!

 

Just provide the other information so we know that you are thinking this is a broader problem other than 13. When you post it in the 13 topics, I have no way of knowing whether or not you just posted in the first topic, or if the question is about 13. We automatically assume that the Profile is correct a long with the other info. 

 

Also, why did you pick the General Topic over one of the Server Topics?

 

I’m on my way out to meet with a client, I will pick this up later today.

Edited by Lee Smith
Rewrote the Reply.
Posted

The right thing to do would be to turn off the server / apache functions until Apple releases an update.  Many of us can't wait that long.

 

What I did:

* shut down the server and think about it

* found a bash fix which I trusted - recompiled it and installed it.  For example : 

  http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an

* restarted servers

Posted

Thank you Xochi!  I followed the instructions in your link (apple stackexchange) for our Filemaker 11 server on mountain lion (client, not server).  No problems.  

 

Update- I install the bash fix Friday night but did not restart the server until Monday morning.  The bash fix does not require restarting the system, but the system logs will include some errors as the signature of the new bash does not correspond to the record until after a restart.  And I always need to restart the web server [sudo apachectl graceful] after restarting the system.

Posted

Apple just released a patch for 10.7 - 10.9.

 

I still need one for 10.6  ....

  • 2 weeks later...
Posted

On some of my older Linux boxes, I had to recompile bash from source. This isn't going to be easy on a mac, as you'd need a c compiler first (like the one which comes with XCode) it is doable though.

This topic is 3693 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.