Recommendation: 10 Technical Masterpiece: "High-performance Linux server construction combat Ⅱ" full-network distribution, with probation chapters and the book instance source download!
A bash security vulnerability has just erupted today, and Bash has a security vulnerability that directly affects UNIX-based systems such as Linux, OS X, and so on. The vulnerability could cause a remote attacker to execute arbitrary code on the affected system.
"software and systems identified for successful use"
all Linux operating systems installed with GNU Bash version less than or equal to 4.3.
"Vulnerability description"
the vulnerability stems from the special environment variables created before the bash shell that you invoke, which can contain code and be executed by bash.
"Vulnerability Detection method"
Vulnerability Detection command: $env x= ' () {:;}; Echo vulnerable ' bash-c "echo this is a test"
Vulnerable
This is a test
if it appears as above, then, unfortunately, you must immediately fix the security patch.
"Recommended patching Scenarios"
Special Note: This fix will not have any effect.
Select the commands you need to fix according to the Linux version:
CentOS:
yum-y Update Bash
Ubuntu:
14.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg-i bash_4.3-7ubuntu1.1_ Amd64.deb
14.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg-i bash_4.3-7ubuntu1.1_ I386.deb
12.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg-i bash_4.2-2ubuntu2.2_ Amd64.deb
12.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg-i bash_4.2-2ubuntu2.2_ I386.deb
10.x64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg-i bash_4.1-2ubuntu3.1_ Amd64.deb
10.x32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg-i bash_4.1-2ubuntu3.1_ I386.deb
Debian:
7.5 64bit && 32bit
apt-get-y install--only-upgrade bash
6.0.x 64bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb && dpkg-i bash_ 4.1-3+deb6u1_amd64.deb
6.0.x 32bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb && dpkg-i bash_ 4.1-3+deb6u1_i386.deb
openSUSE:
13.1 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm-uvh bash-4.2-68.4.1.x86_64. RPM
13.1 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && RPM-UVH bash-4.2-68.4.1.i586.rpm
Aliyun Linux:
5.x 64bit
wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && RPM-UVH bash-3.2-33.el5.1.x86_64.rpm
5.x 32bit
wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && RPM-UVH bash-3.2-33.el5.1.i386.rpm
"Patching complete test"
After you upgrade bash, perform the test:
$ env x= ' () {:;}; Echo vulnerable ' bash-c "echo this is a test"
bash:warning:x: Ignoring function definition attempt
bash:error importing function definition for ' x '
This is a test
If shown above, indicates that the vulnerability has been patched.
Linux Bash Critical Vulnerability Emergency Repair solution
