Linux hit by another vulnerability: Bash bug is more severe than "Heartbleed"


September 25, 2014: A Linux security vulnerability said to be more severe than "Heartbleed" has been found. Although no attack exploiting the vulnerability has been found so far, the threshold for exploiting it is lower than for "Heartbleed", which makes it the more dangerous of the two.


Bash is the software used to control the command prompt on a Linux computer. Dan Guido, chief executive of the cyber security firm Trail of Bits, said that "Heartbleed" only allows hackers to spy on computers, but does not allow hackers to gain control of the computer. The Bash vulnerability is different: hackers can use it to fully control the target computer system.


To make things worse, the Bash vulnerability is easier to exploit: simply cutting and pasting a single line of code is enough to get results. Such a low threshold may attract more hackers to attack, which is what worries security experts.


To prevent your Linux server from being affected, we recommend that you complete the bug fix as soon as possible.


Vulnerability detection command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output is:

vulnerable

this is a test

the vulnerability is not fixed.

If the output is:

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x'

this is a test

the vulnerability has been fixed.


Bug fix command: yum update bash -y


Additional note: another vulnerability detection command is circulating online: env -i X='() { (a)=>\' bash -c 'echo date'; cat echo

If the word "date" appears in the output, the fix was successful.


My server runs CentOS 6.5 and shows the following:

[[email protected] ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x'

this is a test

This shows that I have successfully repaired it!

[[email protected] ~]$ env -i X='() { (a)=>\' bash -c 'echo date'; cat echo

bash: X: line 1: syntax error near unexpected token `='

bash: X: line 1: `'

bash: error importing function definition for `X'

Sat Sep 19:25:36 CST

The results show that my repair did not succeed! (because no "date" appears)


The server has been restarted, so was my repair successful or unsuccessful???????
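
The two checks above, wrapped as an added shell example that is not part of the original post: it classifies the output of each check and can run both in a scratch directory. The function names are hypothetical, and the sample input is the CentOS 6.5 output from the post, on which the first check passes and the second does not, meaning bash needs a further update.

```shell
# Added example; helper names are hypothetical, not from the original post.
# Check 1: an unpatched bash runs the trailing command and prints "vulnerable".
classify_check1() {
    printf '%s\n' "$1" | grep -qx 'vulnerable' && echo "not fixed" || echo "fixed"
}

# Check 2: a fixed bash echoes the literal word "date". A bash that still
# mis-parses the variable runs `date` with its output redirected to a file
# named "echo", so `cat echo` prints a timestamp instead.
classify_check2() {
    printf '%s\n' "$1" | grep -qx 'date' && echo "fixed" || echo "not fixed"
}

# Combine both results into one verdict.
verdict() {
    if [ "$1" = "fixed" ] && [ "$2" = "fixed" ]; then
        echo "patched"
    elif [ "$1" = "fixed" ]; then
        echo "partially patched: update bash again"
    else
        echo "vulnerable"
    fi
}

# Output reported in the post for CentOS 6.5, re-typed as sample input
# (timestamp kept exactly as it appears there).
SAMPLE1="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'
this is a test"
SAMPLE2="bash: X: line 1: syntax error near unexpected token \`='
bash: X: line 1: \`'
bash: error importing function definition for \`X'
Sat Sep 19:25:36 CST"

# Live run in a scratch directory, because check 2 can create the file "echo".
run_checks() {
    tmp=$(mktemp -d) || return 1
    out1=$(cd "$tmp" && env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 2>&1)
    out2=$(cd "$tmp" && { env -i X='() { (a)=>\' bash -c 'echo date' 2>&1; cat echo 2>/dev/null || true; })
    rm -rf "$tmp"
    verdict "$(classify_check1 "$out1")" "$(classify_check2 "$out2")"
}

# With --run, test the local bash; otherwise classify the sample output.
if [ "${1:-}" = "--run" ]; then
    run_checks
else
    verdict "$(classify_check1 "$SAMPLE1")" "$(classify_check2 "$SAMPLE2")"
fi
```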

Related links: http://www.linuxidc.com/Linux/2014-09/107176.htm

This article is from the "Youth Deng Yong" blog, please be sure to keep this source http://dengyong.blog.51cto.com/8409869/1558852
