High-risk bash vulnerabilities are detected. Be careful with your server!

Source: Internet
Author: User

Background:

On July 15, September 25, Beijing time, Linux users got another "surprise"! The Red Hat security team found a hidden and dangerous security vulnerability in the bash shell, which is widely used on Linux. This vulnerability is called the "bash bug" or "Shellshock".

This vulnerability allows attackers to execute code just as if they were working in a shell, which opens the door to a variety of attacks. What's worse, this vulnerability has existed in Linux for a long time, so while it is easy to fix one Linux machine, it is almost impossible to fix them all.

Red Hat and Fedora have released patches for this vulnerability. This vulnerability also affects OS X, but Apple has not released a formal patch.

This bash vulnerability may be more dangerous than Heartbleed.
--Robert Graham (@erratarob) February September 24, 2014

Red Hat's Robert David Graham compared the vulnerability with Heartbleed and found that the former is more widely distributed and may have a long-term impact on system security. Graham wrote in a blog article: "There is a lot of software that interacts with the shell in some way, and we cannot list all the software affected by this vulnerability." According to a report from The Verge, Berkeley researcher Nicholas Weaver also agreed: "It is very obscure, terrible, and will be with us for years."

Tod Beardsley, manager of the engineering department at the network security company Rapid7, warned that the severity of the bash vulnerability is rated "10", which means it poses the greatest threat to users' computers. The complexity of exploiting the bash vulnerability is rated "low", which means that hackers can use it to launch attacks relatively easily.

In addition, Dan Guido, CEO of Trail of Bits, a network security company, said the Heartbleed vulnerability allows hackers to monitor users' computers, but does not give them control. The method of exploiting the bash vulnerability is simpler: you only need to cut and paste a line of code.

Google security researcher Tavis Ormandy said on Twitter that the patches released by Linux system vendors appeared to be "incomplete", which raised concerns among several security experts.

Upgrade Method:

For the Red Hat and CentOS Linux distributions, run the following command:

yum -y update bash

For the Debian Linux distribution, run the following command:

sudo apt-get update && sudo apt-get install --only-upgrade bash
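
To confirm that the upgrade took effect, the installed bash can be probed locally. The script below is an added example, not part of the original article: it checks whether bash runs a command that trails a function definition in an environment variable, which is the behaviour behind Shellshock. The variable name probe, the marker IMPORT_RAN, the make_stub helper and the candidate paths are constructed for illustration, and a "patched" result covers only this behaviour, not the follow-up issues behind the "incomplete" patch concern above.

```shell
#!/bin/sh
# Added example: local post-upgrade check, not from the original article.

# check_bash PATH: prints "vulnerable", "patched" or "missing".
# A fixed bash keeps the variable as plain data; an unfixed one runs the
# command that trails the function body while importing its environment.
check_bash() {
    shell_bin=$1
    [ -x "$shell_bin" ] || { echo missing; return 2; }
    out=$(env probe='() { :;}; echo IMPORT_RAN' "$shell_bin" -c 'echo done' 2>/dev/null)
    case $out in
        *IMPORT_RAN*) echo vulnerable; return 1 ;;
        *)            echo patched;    return 0 ;;
    esac
}

# make_stub FILE MODE: writes a constructed stand-in for a bash binary so
# both outcomes can be seen on a patched machine. MODE is "old" or "fixed".
make_stub() {
    {
        echo '#!/bin/sh'
        [ "$2" = old ] && echo 'case $probe in "() {"*) echo IMPORT_RAN ;; esac'
        echo 'echo done'
    } > "$1"
    chmod +x "$1"
}

# Report on the usual install locations (assumed paths; adjust as needed).
for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    printf '%s: %s\n' "$candidate" "$(check_bash "$candidate")"
done
```

Run it after the package update on each host; any line reporting "vulnerable" means that binary was not replaced by the upgrade.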


This article is from the "faker" blog and will not be reproduced!
