LINUX_ exposes major bash security vulnerabilities and remediation methods

Linux official built-in bash recently found a very serious security Vulnerability (vulnerability reference https://access.redhat.com/security/cve/CVE-2014-6271), Hackers can take advantage of this bash vulnerability to fully control the target system and initiate an attack.

Software and systems that have been successfully exploited: All Linux operating systems installed with GNU Bash version less than or equal to 4.3. The vulnerability stems from the special environment variables created before the bash shell that you invoke, which can contain code and be executed by bash.

Vulnerability detection methods:

1	envx=‘() { :;}; echo vulnerable‘ bash-c "echo this is a test"

Output:

Before repair
Vulnerable
This is a test
After repairing with the patching scheme
BASH:WARNING:X: Ignoring function definition attempt
Bash:error importing function definition for ' x '
This is a test

Special NOTE: This fix will not have any effect, if your script uses the above method to define environment variables, your script execution will error when repaired.

Fix solution:

Ubuntu:
14.04 64bit

123	wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb

14.04 32bit

123	wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i  bash_4.3-7ubuntu1.1_i386.deb

12.04 64bit

123	wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i  bash_4.2-2ubuntu2.2_amd64.deb

12.04 32bit

123	wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i  bash_4.2-2ubuntu2.2_i386.deb

Ubuntu users can patch with the following commands without restarting:

123	apt-get update   apt-get installbash

Reference links and other Linux system repair scenarios: Linux bash critical bug fix emergency notification

Reprint: Original source http://xjhznick.blog.51cto.com/3608584/1558248

LINUX_ exposes major bash security vulnerabilities and remediation methods