Linux Bash severe vulnerability emergency repair solution, bash severe vulnerability
Recommendation: 10-year technical masterpiece: High-Performance Linux Server build Practice II is released across the network, with a trial reading chapter and full-book instance source code download!
Today, a Bash security vulnerability has been detected. Bash has a security vulnerability that directly affects Unix-based systems (such as Linux and OS X ). This vulnerability causes remote attackers to execute arbitrary code on the affected system.
[Software and system confirmed to be used successfully]
All Linux operating systems that have installed GNU bash versions earlier than or equal to 4.3.
[Vulnerability description]
This vulnerability is caused by the special environment variables created before the bash shell you call. These variables can contain code and will be executed by bash.
[Vulnerability Detection Method]
Vulnerability Detection command: $ env x = '() {:;}; echo vulnerable' bash-c "echo this is a test"
Vulnerable
This is a test
If it is shown above, it is a pity that you must immediately install a security patch.
[Recommended repair solution]
Note: The Fix will not be affected.
Select the command to be repaired based on the Linux version:
Centos:
Yum-y update bash
Ubuntu:
14.04 64bit
Wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb & dpkg-I bash_4.3-7ubuntu1.1_amd64.deb
14.04 32bit
Wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb & dpkg-I bash_4.3-7ubuntu1.1_i386.deb
12.04 64bit
Wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb & dpkg-I bash_4.2-2ubuntu2.2_amd64.deb
12.04 32bit
Wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb & dpkg-I bash_4.2-2ubuntu2.2_i386.deb
10. × 64bit
Wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb & dpkg-I bash_4.1-2ubuntu3.1_amd64.deb
10. × 32bit
Wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb & dpkg-I bash_4.1-2ubuntu3.1_i386.deb
Debian:
7.5 64bit & 32bit
Apt-get-y install -- only-upgrade bash
6.0.x 64bit
Wget http://mirrors.aliyun.com/debian/pool/main/ B /bash/bash_4.1-3%2bdeb6u1_amd64.deb & dpkg-I bash_4.1-3 + deb6u1_amd64.deb
6.0.x 32bit
Wget http://mirrors.aliyun.com/debian/pool/main/ B /bash/bash_4.1-3%2bdeb6u1_i386.deb & dpkg-I bash_4.1-3 + deb6ustmi386.deb
Opensuse:
13.1 64bit
Wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm & rpm-Uvh bash-4.2-68.4.1.x86_64.rpm
13.1 32bit
Wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm & rpm-Uvh bash-4.2-68.4.1.i586.rpm
Aliyun linux:
5. x 64bit
Wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm & rpm-Uvh bash-3.2-33.el5.1.x86_64.rpm
5. x 32bit
Wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm & rpm-Uvh bash-3.2-33.el5.1.i386.rpm
[Patch completion test]
After bash is upgraded, run the following test:
$ Env x = '() {:;}; echo vulnerable 'bash-c "echo this is a test"
Bash: warning: x: ignoring function definition attempt
Bash: error importing function definition for 'X'
This is a test
If it is shown above, the vulnerability has been fixed.
Linux bash vulnerability affects centos
It is said that this vulnerability is very serious, and the details are unknown. The default Shell of centOS is bash, and it is estimated that it is hard to escape.
Linux bash vulnerability affects centos
It is said that this vulnerability is very serious, and the details are unknown. The default Shell of centOS is bash, and it is estimated that it is hard to escape.