Bash vulnerability
On September 25, 2014, following "Heartbleed", a Bash remote execution vulnerability again shocked the Internet. Where Heartbleed only allowed stealing user computer information, the Bash vulnerability allows hackers to remotely control the computer and so obtain the highest system privileges!
Vulnerability Details page: http://seclists.org/oss-sec/2014/q3/650
How the Bash vulnerability works:
In addition to exporting shell variables as environment variables, bash can also export shell functions as environment variables! The current version of Bash exports a function definition as an environment variable whose name is the function name and whose value is a string starting with "() {".
The flaw is that when bash processes such a "function environment variable", it does not stop at the closing "}" of the function but goes on to execute the shell commands that follow it.
Simply put, bash has a logic error when parsing certain special strings, which lets the text after them be executed.
How do you know whether your bash is vulnerable? Test with the following command:
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
# bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
If the test prints the result above, be sure to upgrade as soon as possible.
To install the currently available upgrade package, run: yum -y update bash
The upgrade looks like this:
[Screenshots: 1.png, 2.png]
Of course, this applies to Red Hat, CentOS and Fedora systems; for other systems, see the official patch solution.
Test again after the upgrade:
[Screenshot: 3.png]
Of course, this is not the final fix, but it is the best one available so far.
A more robust fix will be released officially later.
Actually, I'm more interested in the code for this test.
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
The output shows that both "echo vulnerable" and "echo this is a test" were executed.
bash -c of course just executes the command string as normal; the real question is why echo vulnerable was executed. That part is actually just an env assignment.
The variable is x=() { :;}; echo vulnerable. Here () { :;}; defines a function that does nothing, and the echo vulnerable that follows it is parsed and then executed. To put it simply: what happens if echo vulnerable is replaced with other code (code that does damage)?
In fact, an env operation like this is a simple penetration attack.
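A defender-side check built on the mechanism and the test described above, as an added example that is not part of the original article: probe_bash wraps the article's test for one bash binary, and scan_env flags NAME=value lines whose value starts with "() {" and carries text after the function body. The function names and the sample input are assumptions constructed for illustration.

```shell
# Added example, not from the original article; all names are hypothetical.

# probe_bash [BASH_PATH]: runs the article's test with its harmless marker.
# Returns 0 if the text after the function body was executed (vulnerable),
# 1 if it was not, 2 if the binary cannot be found.
probe_bash() {
    bin=${1:-bash}
    command -v "$bin" >/dev/null 2>&1 || return 2
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>/dev/null)
    case $out in
        *vulnerable*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_value VALUE: prints "plain", "function" or "function+trailing".
# Heuristic: a value starting with "() {" is a function export; anything other
# than whitespace after its last "}" (or no "}" at all) counts as trailing text.
classify_value() {
    case $1 in
        '() {'*) ;;
        *) echo plain; return 0 ;;
    esac
    rb='}'
    tail=${1##*"$rb"}                      # text after the last closing brace
    tail=$(printf '%s' "$tail" | tr -d ' \t\n')
    if [ -n "$tail" ]; then echo function+trailing; else echo function; fi
}

# scan_env: reads NAME=value lines on stdin (one variable per line) and prints
# the names whose value is a function definition followed by extra text.
scan_env() {
    while IFS= read -r line; do
        if [ "$(classify_value "${line#*=}")" = function+trailing ]; then echo "${line%%=*}"; fi
    done
}

# Constructed sample input: inert text, nothing here is exported.
sample_env() {
    cat <<'EOF'
PATH=/usr/bin:/bin
x=() { :;}; echo vulnerable
greet=() { echo hello; }
EOF
}

sample_env | scan_env
```

On a live host, `env | scan_env` applies the same check to the current environment; values that span several lines are only checked on their first line.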
Refer to the following URLs for details:
http://seclists.org/oss-sec/2014/q3/650
http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/
http://www.reddit.com/r/programming/comments/2hc1w3/cve20146271_remote_code_execution_through_bash/
You can actually test this on your own local server (Apache/nginx).
omitted here ...
This article is from the "Hello_world" blog, make sure to keep this source http://coward.blog.51cto.com/7599475/1633516