Bash Shellshock Solutions

Source: Internet
Author: User
Tags echo date function definition

September 24, 2014, Bash breaking a critical security vulnerability, number cve-2014-6271, that could cause a remote attacker to execute arbitrary code on the affected system. GNU Bash, a Unix Shell written for the GNU program, is widely used in Linux systems, and the initial function is simply a simple terminal-based command interpreter. This means that at least 1.5 million of the world's hosts will be affected, as well as Linux/unix Android and Apple in the world.

For a detailed description of the vulnerability, see "Why a you said Shell vulnerability could lead to a global server catastrophe"

Detection method:

[~]#-i X=' () {(a) =>\ ' bash-c 'echo date'; Cat echo bash:x: line 1:syntax error near Unexpected token ' = 'bash: X:1:' bash:error importing function definition for '  X' Sun Oct 23:16:36 EDT 2014## #date be executed as a command to indicate a vulnerability exists # # #         

Repair scheme (Default Centos):

[[Email protected]~]#Yum Update bash# #Version # #[[Email protected]~]#Rpm-Qa|grep Bashbash-4.1.2-15.el6_5.2x86_64--ubuntu--apt< Span class= "pun" >-get Updateapt-get -y install --only -upgrade bash--debian --apt-get Updateapt-< Span class= "KWD" >get -y install --only-upgrade bash        

Now execute the instrumentation command again:

[~]#-i X=' () {(a) =>\ ' bash-c 'echo date'; cat echo datecat:echo:No such file or dir ectory# #同前面, Output date indicates successful repair # #      
» Reprint Retain Copyright: it chen Yi» "Bash Shellshock Final Solution"» This article link address: http://www.ipython.me/centos/bash-shellshock-solution.html» This article copyright take: BY-NC-SA agreement to authorize, reprint annotated source. In addition to It-tools, news and special notes, all articles on this site are original. » If you like can: Click here to subscribe to this site

Bash Shellshock Solutions

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.