Bash CVE-2014-6271, CVE-2014-7169 vulnerability

Dear customers,

We are aware of a security issue in Bash, the default shell on operating systems such as Linux, on which PBXware is based.

PBXware, SERVERware and TELCOware are affected by this bug, but only in the Setup Wizard, and only if malicious users already have your server's ‘root’ credentials.

If users are not authenticated as root in the Setup Wizard, the system is not vulnerable (as no shell is executed at that point).

However small this potential vulnerability is in our case, we did not want to take any chances, so we have already created a patch.

To patch your PBXware Setup Wizard:


cd /opt/httpd/bin

mv mini_httpd /root/mini_httpd.bak


chmod +x mini_httpd


To patch your PBXware 38x:

cd /opt/pbxware/pw/bin/

mv bash /root/old.bash


chmod +x bash

For older versions, we include the proper links at the end.
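To confirm that a replaced bash binary is no longer affected, the following check can be run after patching. It is an added example, not part of the original advisory or the vendor's own tooling. The probe strings are the widely published vendor checks for the two CVEs, `/bin/bash` is an assumed system path, and a bash built for the chroot may need to be run from inside that chroot.

```shell
#!/bin/sh
# Added example: post-patch check for the two CVEs named in this advisory.
# Each probe only sets one environment variable for a child process of the
# bash binary under test; nothing else on the system is touched.

check_bash() {
    bin=$1
    [ -x "$bin" ] || { echo "missing"; return 2; }

    # CVE-2014-6271: an unpatched bash runs the command that trails a
    # function definition while importing the variable at startup.
    out=$(env 'probe=() { :; }; echo SHELLSHOCK_MARKER' "$bin" -c 'true' 2>/dev/null) || true
    case $out in
        *SHELLSHOCK_MARKER*) echo "vulnerable:CVE-2014-6271"; return 1 ;;
    esac

    # CVE-2014-7169: the incomplete first fix still let a malformed
    # definition leak into the next command, which creates a file named
    # "echo" in the working directory. Run it in a scratch directory.
    tmp=$(mktemp -d) || return 2
    ( cd "$tmp" && env 'probe=() { (a)=>\' "$bin" -c 'echo date' >/dev/null 2>&1 ) || true
    if [ -e "$tmp/echo" ]; then
        rm -rf "$tmp"; echo "vulnerable:CVE-2014-7169"; return 1
    fi
    rm -rf "$tmp"
    echo "patched"
}

# /bin/bash is an assumption; the second path is the one used in the
# PBXware 38x steps above.
for b in /bin/bash /opt/pbxware/pw/bin/bash; do
    printf '%s: %s\n' "$b" "$(check_bash "$b" || true)"
done
```

Each path should report `patched`; any `vulnerable:` result means that binary still needs to be replaced.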

To patch your SERVERware 1.7.3.r15 or Newer:

To apply the Setup Wizard security patch to your SERVERware 1.8 or 1.7 r15 and later, log in to your SERVERware Controller GUI, navigate to System -> Updates, and use your root username and password to authenticate.

When the updates screen is displayed, select checkboxes U and R next to Setup Wizard only, and press the Start button.

After the update is complete, you can close your browser window.

To patch your SERVERware Controller (Only) 1.7.2x or Earlier Manually:


user: serverware

pass: update




## Earlier PBXware Version Available

Download link for mini_httpd:

Download link for bash in chroot environment: