The Bash security vulnerability is more serious than Heartbleed.
Red Hat has found a software vulnerability named Shellshock (or the Bash Bug), which is no less serious than the "Heartbleed" vulnerability in OpenSSL. It is estimated that this vulnerability may affect the normal operation of more than 50 thousand computer devices.
Researchers found the Shellshock vulnerability in the Bash shell. It allows an attacker to remotely control almost any affected system by using Bash to bypass the system's protection mechanisms. Systems that use Bash are therefore more exposed to attack.
Bash stands for Bourne-Again Shell; it is the command-line shell on most Unix computers. Linux, which was developed from the Unix operating system, and the internal software of Apple's Mac system also run Bash. This also includes the Apache web server.
The US Computer Emergency Response Team (US-CERT) issued an alert on this issue. Once the Shellshock vulnerability is discovered, patches must be installed immediately. However, the researchers said that the patch for this vulnerability is not complete. According to Rapid7, a security risk information solution provider, the Shellshock vulnerability is extremely harmful, but it is not complicated to exploit. Hackers can easily exploit this vulnerability to control computers and steal or modify data on the fly.
Professor Woodworth from the University of Surrey suggested that all users install patches on systems that run Bash to prevent attacks.
Bash vulnerability detection and solution
Run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the following output is returned, upgrade as soon as possible:
vulnerable
this is a test
An official upgrade package has been provided. To upgrade, run: yum update -y bash
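The check above can be run over every shell a host offers as a login shell. The script below is an added example, not part of the original article; the function names (classify_probe, check_shell, audit_shells) are assumptions made for illustration, and it treats /etc/shells as the list of installed shells.

```shell
#!/bin/sh
# Added example (not from the article): run the article's probe over each
# sh/bash binary listed in a shells file and report the result per binary.

# classify_probe OUTPUT -> vulnerable | not-vulnerable | error
classify_probe() {
    case $1 in
        *vulnerable*)       echo vulnerable ;;      # trailing command ran on import
        *"this is a test"*) echo not-vulnerable ;;  # only the -c command ran
        *)                  echo error ;;           # the shell produced no usable output
    esac
}

# check_shell PATH: run the probe from the article against one shell binary.
check_shell() {
    [ -x "$1" ] || { echo error; return 0; }
    # x carries a function definition followed by a trailing echo command
    probe_out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null) || true
    classify_probe "$probe_out"
}

# audit_shells [FILE]: probe every sh/bash entry in FILE (default /etc/shells).
# Returns 1 if any entry is vulnerable, 2 if FILE cannot be read, else 0.
audit_shells() {
    shells_file=${1:-/etc/shells}
    [ -r "$shells_file" ] || return 2
    audit_rc=0
    while IFS= read -r entry; do
        case $entry in
            ''|'#'*) continue ;;        # blank lines and comments
        esac
        case ${entry##*/} in
            sh|bash|rbash) ;;           # sh is included because it may be bash
            *) continue ;;              # other shells are not probed
        esac
        entry_status=$(check_shell "$entry")
        printf '%s\t%s\n' "$entry" "$entry_status"
        if [ "$entry_status" = vulnerable ]; then audit_rc=1; fi
    done < "$shells_file"
    return "$audit_rc"
}
```

Calling audit_shells with no argument reads /etc/shells; a return value of 1 means at least one listed binary still needs the upgrade.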
Gitlab-shell is affected by Bash CVE-2014-6271 Vulnerability
The solution is to upgrade Bash. Please refer to this article.