Linux Bash critical bug fix method

Source: Internet
Author: User
Tags function definition

Bash is a Unix shell written for the GNU program. : Bourne-again shell-This is a pun about the Bourne SHell (SH) (Bourne again/born Again). Bourne Shell is an early and important shell, written by Steve Burn around 1978, and released with version 7 Unix. Bash was created by Blaine Fox in 1987. In 1990, Chet Ramey became the main maintainer.

Where the shell is located in the Linux system:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/4C/8A/wKiom1Q_gXixhs7zAAEF2uc0B4A536.jpg "title=" The location of the Shell in Unix-and Unix-like systems "alt=" wkiom1q_gxixhs7zaaef2uc0b4a536.jpg "/>


Common Linux and UNIX operating system environments use shells with Bourne shell (SH), KornShell (ksh), C Shell (csh), Bourne-again Shell (bash), today's CentOS, The shell used in Rhel and Ubuntu systems is the Bourne-again shell (bash), and this time the flaw is bash.

Hackers will use this vulnerability to monitor the system, obtain system information, The vulnerability invokes a special environment variable created before the bash shell, which can contain code while being executed by bash. But this does not mean that, like other users on the network can get control of the computer, although the hacker exploited the vulnerability does not have control rights, but it is easy to leak computer-related information, so as to facilitate the hacker attack, so the vulnerability is still very dangerous. However, as long as it is a shell loophole, it is very dangerous. Shell as a bridge between human and computer communication, if this layer of bridge problems, the consequences imaginable.

If your bash version is below 4.3 It is recommended to fix the vulnerability.

Vulnerability Detection Method command:env x= ' () {:;}; echo vulnerable ' bash-c "echo this is a test"

If the command is executed, the output "This is a test" means that the presence of this vulnerability in bash will execute our echo statement.

Repair method:

centos| | RHEL:

Perform yum-y update bash

Ubuntu

14.04 64bit:

wget http://download.wx.51idc.com:8000/hotfix/bash_4.3-7ubuntu1.1_amd64.deb && dpkg-i bash_4.3-7ubuntu1.1_ Amd64.deb

14.04 32bit

wget http://download.wx.51idc.com:8000/hotfix/bash_4.3-7ubuntu1.1_i386.deb && dpkg-i bash_4.3-7ubuntu1.1_ I386.deb

12.04 64bit

wget http://download.wx.51idc.com:8000/hotfix/bash_4.2-2ubuntu2.2_amd64.deb && dpkg-i bash_4.2-2ubuntu2.2_ Amd64.deb

12.04 32bit

wget http://download.wx.51idc.com:8000/hotfix/bash_4.2-2ubuntu2.2_i386.deb && dpkg-i bash_4.2-2ubuntu2.2_ I386.deb

10.x64bit

wget http://download.wx.51idc.com:8000/hotfix/bash_4.1-2ubuntu3.1_amd64.deb && dpkg-i bash_4.1-2ubuntu3.1_ Amd64.deb

10.x32bit

wget http://download.wx.51idc.com:8000/hotfix/bash_4.1-2ubuntu3.1_i386.deb && dpkg-i bash_4.1-2ubuntu3.1_ I386.deb

//////////

Debian:

7.5 64bit && 32bit

Apt-get-y Install--only-upgrade Bash

6.0.x 64bit

wget http://download.wx.51idc.com:8000/hotfix/bash_4.1-3+deb6u1_amd64.deb && dpkg-i bash_4.1-3+deb6u1_ Amd64.deb

6.0.x 32bit

wget http://download.wx.51idc.com:8000/hotfix/bash_4.1-3+deb6u1_i386.deb && dpkg-i bash_4.1-3+deb6u1_ I386.deb

/////////

openSUSE

13.1 64bit

wget http://download.wx.51idc.com:8000/hotfix/bash-4.2-68.4.1.x86_64.rpm && RPM-UVH bash-4.2-68.4.1.x86_ 64.rpm

13.1 32bit

wget http://download.wx.51idc.com:8000/hotfix/bash-4.2-68.4.1.i586.rpm && RPM-UVH bash-4.2-68.4.1.i586.rpm


When the patch is repaired, bash makes an error when executing the appeal code, thus not executing the shell command in the code.

BASH:WARNING:X: Ignoring function definition attempt

Bash:error importing function definition for ' x '

Before the update, it is best to make a backup, if there is a problem, can be restored, do not affect the existing system services

Linux Bash critical bug fix method

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.