A recent bash vulnerability has left many Unix-like systems exposed.
The following are the relevant detection and remediation methods (content source: Aliyun Developer Forum).
-----------------------------------------------------------------------------------------------------
Emergency Bash vulnerability alert: all users running Linux servers, please take note. This vulnerability directly affects Unix-based systems (such as Linux, OS X, etc.) and can allow remote attackers to execute arbitrary code on affected systems.
"Software and systems confirmed to have been successfully exploited"
All Linux operating systems with GNU Bash version less than or equal to 4.3 installed.
"Vulnerability description"
The flaw stems from specially crafted environment variables that are created before the bash shell is invoked; these variables can contain code, which bash then executes.
"Vulnerability Detection Method"
Input:
$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
Output:
vulnerable
this is a test
Vulnerability detection command: env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
Before fixing
Output:
vulnerable
this is a test
After you repair with a patch
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Special note: This fix will not have any impact. However, if your script defines environment variables in the way shown above, the script will fail with an error after the fix.
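The detection command above as a small script, added here as an example (it is not from the Aliyun post): it runs the same command against a given bash binary and classifies the output, treating both the patched output with warnings and a plain "this is a test" as not vulnerable. The function names and the list of bash paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): classify the output of the
# detection command shown above. Function names are assumptions.

# Read probe output on stdin and print one verdict:
#   vulnerable      the injected "echo vulnerable" ran
#   not-vulnerable  only the intended command ran (warnings are fine)
#   inconclusive    neither marker line was seen
classify_probe_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        echo not-vulnerable
    else
        echo inconclusive
    fi
}

# Run the detection command against one bash binary ($1, default: bash on PATH).
check_bash() {
    bash_bin=${1:-bash}
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo inconclusive
        return 0
    fi
    # The injected command only echoes a marker string.
    env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>&1 \
        | classify_probe_output
}

# Constructed sample outputs, matching the "before" and "after" cases above.
SAMPLE_BEFORE='vulnerable
this is a test'
SAMPLE_AFTER="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'
this is a test"

# Report every bash found in some usual install locations (assumed list).
report_all() {
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -x "$b" ] && echo "$b: $(check_bash "$b")"
    done
    return 0
}

report_all
```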
"Recommended Patch"
Please choose the fix command that matches your Linux version. To guard against unexpected problems, we recommend that you take a snapshot of the Linux server's system disk before you run the command; if the upgrade affects your use of the server, you can resolve it by rolling back to the system disk snapshot.
CentOS:
yum -y update bash
Ubuntu:
14.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb
14.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i bash_4.3-7ubuntu1.1_i386.deb
12.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i bash_4.2-2ubuntu2.2_amd64.deb
12.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i bash_4.2-2ubuntu2.2_i386.deb
10.10 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb
10.10 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb
Debian:
7.5 64bit && 32bit
apt-get -y install --only-upgrade bash
6.0.x 64bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb && dpkg -i bash_4.1-3+deb6u1_amd64.deb
6.0.x 32bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb && dpkg -i bash_4.1-3+deb6u1_i386.deb
openSUSE:
13.1 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm
13.1 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm
Aliyun Linux:
5.x 64bit
wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm
5.x 32bit
wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm
Ubuntu 12.04 64-bit: the detection methods and repair methods are available!