High-risk bash vulnerabilities are detected. Be careful with your server!
Background:
On July 15, September 25, Beijing time, Linux users got another "surprise"! The Red Hat security team found a hidden and dangerous security vulnerability in the bash shell widely used in Linux. This vulnerability is called the "bash bug" or "shellshock".
This vulnerability allows attackers to execute code as if they were typing it into a shell, which opens the door to a variety of attacks. What's worse, this vulnerability has existed in Linux for a long time, so while it is easy to fix a single Linux machine, it is almost impossible to fix them all.
Red Hat and Fedora have released patches for this vulnerability. This vulnerability also affects OS X, but Apple has not released a formal patch.
This bash vulnerability may be more dangerous than heartbleed.
--Robert Graham (@erratarob) September 24, 2014
Red Hat's Robert David Graham compared the vulnerability with Heartbleed and found that the former is more widely distributed and may have a long-term impact on system security. Graham wrote in a blog article: "There is a lot of software that interacts with the shell in some way, and we cannot list all the software affected by this vulnerability." According to a report in The Verge, Berkeley researcher Nicholas Weaver also agreed: "It is very obscure, terrible, and will be with us for years."
Tod Beardsley, manager of the engineering department at the network security company Rapid7, warned that the severity of the bash vulnerability is rated "10", which means it poses the greatest threat to users' computers. The complexity of exploiting the bash vulnerability is rated "low", which means that attackers can use it to launch attacks relatively easily.
In addition, Dan Guido, CEO of Trail of Bits, a network security company, said the "Heartbleed" vulnerability allows hackers to monitor users' computers, but not to gain control of them. The method to exploit the bash vulnerability is simpler: you only need to cut and paste a line of code.
Google security researcher Tavis Ormandy said on Twitter that the patches released by Linux system providers appeared to be "incomplete", which raised concerns among several security experts.
Upgrade Method:
For Red Hat and CentOS Linux releases, run the following command:
yum -y update bash
For Debian Linux releases, run the following command:
sudo apt-get update && sudo apt-get install --only-upgrade bash
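To confirm that the upgrade took effect on every bash binary on the machine, a check like the following can be run afterwards. It is an added example, not part of the original article; the marker string, the function names and the list of paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: post-upgrade check for the bash function-import bug.
# MARKER is a constructed, harmless string; the probe only echoes it locally.
MARKER="SHELLSHOCK_PROBE_MARKER"

# Decide from the probe's output whether the trailing command was executed.
classify_probe_output() {
    case "$1" in
        *"$MARKER"*)  echo "VULNERABLE" ;;  # bash ran text placed after the function body
        *probe-done*) echo "patched" ;;     # bash treated the variable as plain data
        *)            echo "unknown" ;;     # bash did not run or printed nothing usable
    esac
}

# Start one bash binary with a variable that looks like an exported function
# followed by an extra command. A fixed bash ignores the extra command.
probe_bash() {
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo "missing"; return 0; }
    out=$(env -i PROBE="() { :;}; echo $MARKER" \
          "$bash_bin" -c 'echo probe-done' 2>/dev/null || true)
    classify_probe_output "$out"
}

# Report on each path given; a host can carry more than one copy of bash
# (package-managed, locally compiled, bundled with other software).
check_all() {
    for b in "$@"; do
        printf '%s: %s\n' "$b" "$(probe_bash "$b")"
    done
}

# Assumed common locations; pass your own list to check_all as needed.
check_all /bin/bash /usr/bin/bash /usr/local/bin/bash
```

Any line reporting VULNERABLE means that copy of bash was not replaced by the package upgrade. Because the first vendor patches were reported as incomplete, rerun the check after each later bash update as well.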
This article is from the "faker" blog and will not be reproduced!