Bash is a Unix shell written for the GNU project. Its name stands for Bourne-again shell, a pun on the Bourne shell (sh) (Bourne again / born again). The Bourne shell is an early and important shell, written by Steve Bourne around 1978 and released with Version 7 Unix. Bash was created by Brian Fox in 1987. In 1990, Chet Ramey became the main maintainer.
Where the shell is located in the Linux system:
[Figure: The location of the shell in Unix and Unix-like systems]
Common Linux and UNIX operating system environments use shells such as the Bourne shell (sh), KornShell (ksh), C shell (csh) and Bourne-again shell (bash). The shell used in today's CentOS, RHEL and Ubuntu systems is the Bourne-again shell (bash), and this time the flaw is in bash.
Hackers can use this vulnerability to monitor the system and obtain system information. The vulnerability involves a special environment variable created before the bash shell is invoked; the variable can contain code, which bash then executes. This does not mean that other users on the network can take control of the computer: a hacker who exploits the vulnerability does not gain control rights, but computer-related information is easily leaked, which makes further attacks easier, so the vulnerability is still very dangerous. In any case, any shell vulnerability is very dangerous. The shell is the bridge between human and computer, and if that bridge has a problem, the consequences can be imagined.
If your bash version is below 4.3, it is recommended to fix the vulnerability.
Vulnerability detection command:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
When the command is run on a bash that has this vulnerability, bash executes our echo statement: "vulnerable" is printed in addition to "this is a test".
Repair method:
CentOS / RHEL:
yum -y update bash
Ubuntu:
14.04 64bit:
wget http://download.wx.51idc.com:8000/hotfix/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb
14.04 32bit:
wget http://download.wx.51idc.com:8000/hotfix/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i bash_4.3-7ubuntu1.1_i386.deb
12.04 64bit:
wget http://download.wx.51idc.com:8000/hotfix/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i bash_4.2-2ubuntu2.2_amd64.deb
12.04 32bit:
wget http://download.wx.51idc.com:8000/hotfix/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i bash_4.2-2ubuntu2.2_i386.deb
10.x 64bit:
wget http://download.wx.51idc.com:8000/hotfix/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb
10.x 32bit:
wget http://download.wx.51idc.com:8000/hotfix/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb
//////////
Debian:
7.5 64bit && 32bit:
apt-get -y install --only-upgrade bash
6.0.x 64bit:
wget http://download.wx.51idc.com:8000/hotfix/bash_4.1-3+deb6u1_amd64.deb && dpkg -i bash_4.1-3+deb6u1_amd64.deb
6.0.x 32bit:
wget http://download.wx.51idc.com:8000/hotfix/bash_4.1-3+deb6u1_i386.deb && dpkg -i bash_4.1-3+deb6u1_i386.deb
/////////
openSUSE:
13.1 64bit:
wget http://download.wx.51idc.com:8000/hotfix/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm
13.1 32bit:
wget http://download.wx.51idc.com:8000/hotfix/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm
Once the patch has been applied, bash reports an error when it runs the code above and does not execute the shell command embedded in it:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
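The detection command and the post-patch messages above, combined into a reusable check (an added example, not part of the original article). The function names and verdict words are assumptions made here; the "ignored" verdict covers bash builds that skip the probe variable without printing any message.

```shell
#!/bin/sh
# Added example: the article's probe wrapped as a check (names are assumptions).

# Classify captured probe output (stdout+stderr) into one verdict word.
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable      # injected echo ran: function import executed trailing code
    elif ! printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo error           # probe command itself did not run to completion
    elif printf '%s\n' "$1" | grep -qi 'function definition'; then
        echo patched         # warning/error about the function definition was printed
    else
        echo ignored         # variable was not imported as a function, no message
    fi
}

# Run the probe against a given bash binary (default: bash found on PATH).
probe_bash() {
    bash_bin=${1:-bash}
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo missing
        return 0
    fi
    # The injected echo writes to stdout, the post-patch messages to stderr,
    # so both streams are captured. "|| true" keeps "set -e" callers alive.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>&1) || true
    classify_probe_output "$out"
}

# Check the default bash and any extra copies passed as arguments,
# e.g. a statically linked bash in a chroot or a vendor directory.
for candidate in bash "$@"; do
    printf '%s: %s\n' "$candidate" "$(probe_bash "$candidate")"
done
```

Run it again after updating: every line should read "patched" or "ignored", and any "vulnerable" line names a bash copy the package update did not replace.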
Before updating, it is best to make a backup so that the system can be restored if there is a problem and existing system services are not affected.
Linux Bash critical bug fix method