Linux official built-in bash recently found a very serious security Vulnerability (vulnerability reference https://access.redhat.com/security/cve/CVE-2014-6271), Hackers can take advantage of this bash vulnerability to fully control the target system and initiate an attack.
Software and systems that have been successfully exploited: All Linux operating systems installed with GNU Bash version less than or equal to 4.3. The vulnerability stems from the special environment variables created before the bash shell that you invoke, which can contain code and be executed by bash.
Vulnerability detection methods:
1 |
env x= ‘() { :;}; echo vulnerable‘ bash -c "echo this is a test" |
Output:
Before repair
Vulnerable
This is a test
After repairing with the patching scheme
BASH:WARNING:X: Ignoring function definition attempt
Bash:error importing function definition for ' x '
This is a test
Special NOTE: This fix will not have any effect, if your script uses the above method to define environment variables, your script execution will error when repaired.
Fix solution:
Ubuntu:
14.04 64bit
123 |
wget http: //mirrors .aliyun.com /fix_stuff/bash_4 .3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb |
14.04 32bit
123 |
wget http: //mirrors .aliyun.com /fix_stuff/bash_4 .3-7ubuntu1.1_i386.deb && dpkg -i bash_4.3-7ubuntu1.1_i386.deb |
12.04 64bit
123 |
wget http: //mirrors .aliyun.com /fix_stuff/bash_4 .2-2ubuntu2.2_amd64.deb && dpkg -i bash_4.2-2ubuntu2.2_amd64.deb |
12.04 32bit
123 |
wget http: //mirrors .aliyun.com /fix_stuff/bash_4 .2-2ubuntu2.2_i386.deb && dpkg -i bash_4.2-2ubuntu2.2_i386.deb |
Ubuntu users can patch with the following commands without restarting:
123 |
apt-get update apt-get install bash |
Reference links and other Linux system repair scenarios: Linux bash critical bug fix emergency notification
Reprint: Original source http://xjhznick.blog.51cto.com/3608584/1558248
LINUX_ exposes major bash security vulnerabilities and remediation methods