Bash Vulnerability Security Hardening


Bash Vulnerability Hardening Scheme

1. Vulnerability Description

During a recent round of security hardening, the hosts were scanned with BVS. The scan report showed two Bash vulnerabilities:

① GNU Bash environment variable remote command execution vulnerability (CVE-2014-6271)

GNU Bash 4.3 and earlier have a security vulnerability in how they evaluate certain specially crafted environment variables: extra strings appended after a function definition in the variable's value trigger the flaw, and an attacker can exploit it to alter or bypass environment restrictions and execute shell commands.

② GNU Bash CVE-2014-6271 incomplete fix remote code execution vulnerability (CVE-2014-7169)

Affected systems: GNU Bash <= 4.3 bash43-026

GNU Bash 4.3 bash43-026 and earlier have a security vulnerability in the handling of strings that follow certain malformed function definitions in environment variable values. A remote attacker can exploit it through a crafted environment to overwrite files, execute arbitrary code, or cause other effects. The vulnerability stems from the incomplete fix for CVE-2014-6271, which still left a problem in function parsing.

2. Vulnerability Testing

First build a test environment of your own.

① View the system version:

# lsb_release -a

② View the bash version:

# bash --version

③ Test statement:

# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If this returns "vulnerable this is a test", the GNU Bash environment variable remote command execution vulnerability (CVE-2014-6271) is present.

3. Vulnerability Hardening

① Upload the appropriate patch files to the directory /usr/local/src:

bash-3.2-33.el5_10.4.x86_64

bash-debuginfo-3.2-33.el5_11.4.x86_64

Note that the bash patch to download for a real environment depends on the operating system version and the Bash version (this environment is Red Hat 64-bit with bash 3.2).

② Install the rpm patch packages:

# rpm -Uvh bash-3.2-33.el5_10.4.x86_64.rpm

# rpm -Uvh bash-debuginfo-3.2-33.el5_11.4.x86_64.rpm

③ Check that the hardening took effect:

# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The patch installation is successful only if just "this is a test" appears, without the word "vulnerable".
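Both the initial test in section 2 and the post-patch check in step ③ above rely on reading the output by eye. The script below is an added example, not part of the original post: it runs the public detection tests for the two CVEs the post names (CVE-2014-6271 and CVE-2014-7169) against the bash found in PATH and returns a machine-checkable result. It assumes bash is on the PATH; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post: runs the public detection tests
# for CVE-2014-6271 and CVE-2014-7169 against the bash found in PATH, so the
# result of "rpm -Uvh bash-*.rpm" can be verified from a script rather than
# by eye. Assumption: "bash" is on PATH; the script itself is POSIX sh.

# Pure helper: classify the captured output of the CVE-2014-6271 test.
# Prints VULNERABLE if the injected "echo vulnerable" ran, PATCHED otherwise.
classify_shellshock_output() {
    case "$1" in
        *vulnerable*) printf 'VULNERABLE\n' ;;
        *)            printf 'PATCHED\n' ;;
    esac
}

# CVE-2014-6271: the post's own test. A patched bash does not import the
# trailing command and prints only "this is a test". Returns 0 if patched.
check_cve_2014_6271() {
    out=$(env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 2>&1)
    [ "$(classify_shellshock_output "$out")" = "PATCHED" ]
}

# CVE-2014-7169: the follow-up parser bug. On a vulnerable bash the crafted
# definition lets the ">" redirection through, creating a file named "echo"
# in the working directory; run it in a scratch dir. Returns 0 if patched.
check_cve_2014_7169() {
    tmp=$(mktemp -d) || return 2
    ( cd "$tmp" || exit 2
      env X='() { (a)=>\' bash -c "echo date" >/dev/null 2>&1
      [ ! -e echo ] )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Summarise both checks; non-zero exit if either test still fails, so this
# can run as the verification step of a hardening playbook after patching.
shellshock_report() {
    status=0
    for cve in 6271 7169; do
        if "check_cve_2014_$cve"; then
            printf 'CVE-2014-%s: PATCHED\n' "$cve"
        else
            printf 'CVE-2014-%s: VULNERABLE\n' "$cve"
            status=1
        fi
    done
    return "$status"
}
```

Run shellshock_report after the rpm step; an exit status of 0 means both tests passed on the installed bash.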


4. Description

I originally intended to upload the bash patches, but did not expect the upload to fail because it was treated as an illegal upload.


This article is from the "Aerfa21_myhome" blog; please keep this source: http://aerfa21.blog.51cto.com/6656626/1608134
