Bash security vulnerabilities are more serious than heartbleed attacks.

Source: Internet
Author: User

Bash security vulnerabilities are more serious than heartbleed attacks.

RedHat finds a computer software system vulnerability named Shellshock (or Bash Bug), which is no less serious than the "heartbleed" vulnerability in OpenSSL software. It is estimated that this vulnerability may affect the normal operation of more than 50 thousand computer devices.

Researchers found the shellshock vulnerability in the bash software script. This vulnerability allows you to remotely control almost all systems by skipping the shielding mechanism in the computer system through bash. Therefore, the use of systems containing bash scripts will make computers more vulnerable to vulnerability attacks.

Bash is called the Bourne-Again Shell, which is a command prompt on most Unix computers. The Linux system developed based on the Unix operating system and the internal software of the Apple Mac system also run with the bash script, and also includes the Apache Web server.

The US Computer Emergency Response Team (US-Cert) issued an alert on this issue. Once the shellshock vulnerability is discovered, patches must be installed immediately. However, the researchers said that the patch for this vulnerability is not complete. According to Rapid7, a security risk information solution provider, the shellshock vulnerability is extremely harmful, but the program is not complicated. Hackers can easily exploit this vulnerability to control computers and steal or modify data on the fly.

Professor woodworth from the University of surari suggested that all users Install patches in systems with bash scripts to prevent hacker attacks.

Bash software security vulnerability detection and Solutions

Run the following command:

$ Env x = '() {:;}; echo vulnerable 'bash-c "echo this is a test"

If the following content is returned: upgrade as soon as possible.

Vulnerable

This is a test

The upgrade package has been officially provided. Run: yum update-y bash to upgrade the package!

Gitlab-shell is affected by Bash CVE-2014-6271 Vulnerability

Linux security vulnerability exposure Bash is more serious than heartbleed

The solution is to upgrade Bash. Please refer to this article.

This article permanently updates the link address:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.