Linux Bash Security Vulnerability repair

Linux Bash Security Vulnerability repair

Recently, a very serious security vulnerability was detected in the built-in Bash of Linux. Hackers can exploit this Bash vulnerability to completely control the target system and initiate attacks. To avoid Linux Server impact, we recommend that users with Linux servers fix the vulnerability as soon as possible.

[Software and systems that have been successfully used] All Linux operating systems that have installed GNU bash versions earlier than or equal to 4.3.

[Vulnerability description] This vulnerability is caused by the special environment variables created before the bash shell you call. These variables can contain code and will be executed by bash.

1. Affected systems include

• CentOS
• Debian
• RedHat
• Ubuntu

2. Check whether the system is to be repaired

[Root @ mysql ~] # Env x = '() {:;}; echo vulnerable 'bash-c "echo this is a test"
Vulnerable
This is a test
[Root @ mysql ~] #

If the above results are output, the bash vulnerability needs to be fixed.

3. Temporarily fix the Vulnerability (abandoned)

[Root @ mysql ~] # Yum update bash-y

4. Check whether the vulnerability is fixed again.

[Root @ mysql ~] # Env x = '() {:;}; echo vulnerable 'bash-c "echo this is a test"
Bash: warning: x: ignoring function definition attempt
Bash: error importing function definition for 'X'
This is a test
[Root @ mysql ~] #

5. Final bash vulnerability repair (this method is correct)

Vulnerability Detection command: env-I X = '() {(a) => \ 'bash-C' echo date'; cat echo

Vulnerability fix command: yum update bash-y

Results Before repair: current system time

Result After repair: date

Gitlab-shell is affected by Bash CVE-2014-6271 Vulnerability

Linux security vulnerability exposure Bash is more serious than heartbleed

The solution is to upgrade Bash. Please refer to this article.

This article permanently updates the link address: