Bash Remote Code execution vulnerability fix

Source: Internet
Author: User

Bash vulnerability

On September 25, 2014, following Heartbleed, a remote code execution vulnerability in Bash again shocked the Internet. Heartbleed only allowed information to be stolen from users' computers, whereas the Bash vulnerability allows hackers to remotely control the computer and thereby obtain the highest system privileges!

Vulnerability Details page: http://seclists.org/oss-sec/2014/q3/650

How the Bash vulnerability works:

In addition to exporting shell variables as environment variables, bash can also export shell functions as environment variables. The current version of Bash exports a function definition as an environment variable whose name is the function name and whose value is a string starting with "() {".

The flaw is that when bash processes such a "function environment variable", it does not stop at the closing "}" of the function but goes on to execute the shell commands that follow it.

Simply put, bash has a logic error when parsing certain special strings, so that the text after them gets executed.

How do you know whether your bash is vulnerable? Test with the following command:

# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
# bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

If the test returns the result above, be sure to upgrade as soon as possible.

To install the currently available upgrade package, run: yum -y update bash

The upgrade proceeds as follows:

[Screenshots: 1.png, 2.png]

Of course, this applies to Red Hat, CentOS and Fedora systems; for other systems, please see the official patch solution.

Test again after the upgrade:

[Screenshot: 3.png]

Of course, this is not the final fix, but it is the best one available so far.

A more robust fix will be released officially later.
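The test above, wrapped as an added audit script (not part of the original article) that probes each bash binary on a host in an empty environment and keeps "probe could not run" separate from "not vulnerable". The candidate paths, the marker string and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: probe every bash binary on a host for the function-import flaw.
MARKER="SHELLSHOCK_PROBE_$$"   # constructed marker, unlikely to occur by chance

# check_bash PATH -> 0 vulnerable, 1 not vulnerable, 2 probe could not run
check_bash() {
    bin=$1
    [ -x "$bin" ] || return 2
    # env -i gives the child an empty environment, so x is the only import.
    out=$(env -i x="() { :;}; echo $MARKER" "$bin" -c 'echo probe-done' \
          2>/dev/null) || return 2
    case $out in
        *probe-done*) ;;             # the -c command ran, so the result is meaningful
        *) return 2 ;;
    esac
    case $out in
        *"$MARKER"*) return 0 ;;     # text after the closing "}" was executed
        *) return 1 ;;
    esac
}

# Candidate paths (assumed common locations plus */bash entries in /etc/shells).
list_bash_candidates() {
    {
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
        [ -r /etc/shells ] && grep -E '^/.*/bash$' /etc/shells
    } | sort -u
}

# audit_bash: one line per binary found; returns 1 if any is vulnerable.
audit_bash() {
    found=0
    for bin in $(list_bash_candidates); do
        [ -e "$bin" ] || continue
        rc=0; check_bash "$bin" || rc=$?
        case $rc in
            0) echo "VULNERABLE   $bin"; found=1 ;;
            1) echo "ok           $bin" ;;
            *) echo "inconclusive $bin" ;;
        esac
    done
    return $found
}

audit_bash || echo "Upgrade bash (Red Hat/CentOS/Fedora: yum -y update bash), then re-run."
```

A path that is a symlink to another candidate is reported once per name, so a merged /bin and /usr/bin shows the same binary twice.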

Actually, I'm more interested in the code for this test.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The output shows that both "echo vulnerable" and "echo this is a test" were executed.

bash -c, of course, executes the command string as normal; the question is why echo vulnerable was executed. The answer lies in the env assignment.

The variable x is set to () { :;}; echo vulnerable. The () { :;}; part defines a function that does nothing, and the echo vulnerable that follows is executed once the definition has been parsed. To put it simply: what happens if I change echo vulnerable to other code (destructive code, for instance)?

In fact, an env operation like this is a simple penetration attack.

Refer to the following URLs for details:

http://seclists.org/oss-sec/2014/q3/650

http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/

http://www.reddit.com/r/programming/comments/2hc1w3/cve20146271_remote_code_execution_through_bash/

You can actually test this on your own local server (Apache/nginx).

Omitted here ...



This article is from the "Hello_world" blog; please keep this source attribution: http://coward.blog.51cto.com/7599475/1633516
