Linux Bash Security Vulnerability repair
Recently, a very serious security vulnerability was detected in the built-in Bash of Linux. Hackers can exploit this Bash vulnerability to completely control the target system and initiate attacks. To avoid Linux Server impact, we recommend that users with Linux servers fix the vulnerability as soon as possible.
[Software and systems that have been successfully used] All Linux operating systems that have installed GNU bash versions earlier than or equal to 4.3.
[Vulnerability description] This vulnerability is caused by the special environment variables created before the bash shell you call. These variables can contain code and will be executed by bash.
1. Affected systems include
- CentOS
- Debian
- RedHat
- Ubuntu
2. Check whether the system is to be repaired
[Root @ mysql ~] # Env x = '() {:;}; echo vulnerable 'bash-c "echo this is a test"
Vulnerable
This is a test
[Root @ mysql ~] #
If the above results are output, the bash vulnerability needs to be fixed.
3. Temporarily fix the Vulnerability (abandoned)
[Root @ mysql ~] # Yum update bash-y
4. Check whether the vulnerability is fixed again.
[Root @ mysql ~] # Env x = '() {:;}; echo vulnerable 'bash-c "echo this is a test"
Bash: warning: x: ignoring function definition attempt
Bash: error importing function definition for 'X'
This is a test
[Root @ mysql ~] #
5. Final bash vulnerability repair (this method is correct)
Vulnerability Detection command: env-I X = '() {(a) => \ 'bash-C' echo date'; cat echo
Vulnerability fix command: yum update bash-y
Results Before repair: current system time
Result After repair: date
Gitlab-shell is affected by Bash CVE-2014-6271 Vulnerability
Linux security vulnerability exposure Bash is more serious than heartbleed
The solution is to upgrade Bash. Please refer to this article.
This article permanently updates the link address: