On September 24, 2014, a critical security vulnerability in Bash was disclosed, numbered CVE-2014-6271, that could allow a remote attacker to execute arbitrary code on an affected system. GNU Bash, a Unix shell written for the GNU Project, is widely used on Linux systems; its original function was simply that of a terminal-based command interpreter. This means that at least 1.5 million hosts worldwide will be affected, across Linux/Unix, Android and Apple systems.
For a detailed description of the vulnerability, see "Why it is said that a Shell vulnerability could lead to a global server catastrophe".
Detection method:
[~]# env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Sun Oct 23:16:36 EDT 2014
## date was executed as a command, which indicates that the vulnerability exists ##
Fix (CentOS by default):
[~]# yum update bash
## Version ##
[~]# rpm -qa | grep bash
bash-4.1.2-15.el6_5.2.x86_64
-- Ubuntu --
apt-get update
apt-get -y install --only-upgrade bash
-- Debian --
apt-get update
apt-get -y install --only-upgrade bash
Now run the detection command again:
[~]# env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
date
cat: echo: No such file or directory
## Same command as before; the literal output "date" indicates a successful fix ##
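Read by eye, the check above depends on telling a printed timestamp from the literal word "date", and on a vulnerable host it leaves a file named echo in the current directory. The following added example (not part of the original article) wraps the same command in a function that runs it in a temporary directory and prints a verdict; the function name check_bash_env_import, its optional shell argument and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: the page's detection command wrapped in a reusable function.
# Usage: check_bash_env_import [SHELL]   (absolute path or a name on PATH)
# Prints one of: vulnerable | patched | unknown | missing
# Returns 0 only when the verdict is "patched".

check_bash_env_import() {
    # Resolve the shell first: env -i clears PATH for the child process.
    cbe_shell=$(command -v "${1:-bash}") || { echo missing; return 2; }

    # On an unfixed bash the failed function import leaves a pending
    # redirection, so 'echo date' runs `date` and writes its output to a
    # file named "echo" in the current directory. Use a throwaway directory
    # so nothing is created (or overwritten) where the operator is working.
    cbe_dir=$(mktemp -d) || return 2

    # Same environment variable and command string as the page's check.
    cbe_out=$(cd "$cbe_dir" &&
        env -i X='() { (a)=>\' "$cbe_shell" -c 'echo date' 2>/dev/null)

    if [ -e "$cbe_dir/echo" ]; then
        cbe_verdict=vulnerable      # the stray file was created
    elif [ "$cbe_out" = date ]; then
        cbe_verdict=patched         # 'echo date' simply printed "date"
    else
        cbe_verdict=unknown         # neither pattern; inspect by hand
    fi

    rm -rf "$cbe_dir"
    echo "$cbe_verdict"
    [ "$cbe_verdict" = patched ]
}

# Check the default bash when the script is run directly.
check_bash_env_import bash || true
```

Passing a path, for example `check_bash_env_import /bin/bash`, lets the same function cover every bash binary installed on a host.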
Original article: "Bash Shellshock Final Solution" by it chen Yi
Article link: http://www.ipython.me/centos/bash-shellshock-solution.html
License: BY-NC-SA; cite the source when reprinting.