Recently, a very serious security vulnerability was found in Bash, the shell built into Linux (reference: https://access.redhat.com/security/cve/CVE-2014-6271). Hackers can use it to fully control the target system and initiate attacks. To prevent your Linux server from being affected, we recommend that you complete the bug fix as soon as possible, using the method below.
Special reminder: the current solution is the official Linux solution. Even with the official solution applied, the vulnerability may still be bypassed; we will provide a more thorough solution in a follow-up.
"Software and systems confirmed to be successfully exploited"
All Linux operating systems with GNU Bash installed at a version less than or equal to 4.3.
"Vulnerability description"
The vulnerability stems from specially crafted environment variables that are created before the bash shell is invoked. These variables can contain code, which bash will also execute.
"Vulnerability Detection Method"
Vulnerability detection command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Before the fix
Output:
vulnerable
this is a test
If the output appears as above, then, unfortunately, you must apply the security patch immediately.
After fixing with the patching scheme
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Special note: this fix will not have any impact; however, if your script defines environment variables in the way shown above, the script will report an error when executed after the fix.
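The detection method above can be scripted so that the result is a single status word per bash binary. This is an added example, not part of the original article: it runs the same detection command and classifies the output shown above; the function names and the list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example: audit helper built around the article's detection command.
# Function names and the candidate path list are assumptions.

# Classify the captured stdout+stderr of the detection command.
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable        # the code after the function body was executed
    elif printf '%s\n' "$1" | grep -q 'this is a test'; then
        echo not-vulnerable    # the command ran and the trailing code was ignored
    else
        echo inconclusive      # shell missing or the probe did not run
    fi
}

# Run the detection command against one bash binary (subshell keeps variables local).
probe_bash() (
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo inconclusive; exit 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>&1) || true
    classify_probe_output "$out"
)

# Probe every bash found in a few common install locations.
audit_all_bash() {
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        if [ -x "$b" ]; then
            printf '%s\t%s\n' "$b" "$(probe_bash "$b")"
        fi
    done
    return 0
}

audit_all_bash
```

Run it before and after applying the update; any line reporting "vulnerable" identifies a bash binary that still needs the patch.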
"Recommended patching scheme"
Special note: this fix will not have any impact.
Select the command you need according to your Linux distribution and version:
CentOS:
yum -y update bash
Ubuntu:
14.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb
14.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i bash_4.3-7ubuntu1.1_i386.deb
12.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i bash_4.2-2ubuntu2.2_amd64.deb
12.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i bash_4.2-2ubuntu2.2_i386.deb
10.x 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb
10.x 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb
Debian:
7.5 64bit and 32bit
apt-get -y install --only-upgrade bash
6.0.x 64bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb && dpkg -i bash_4.1-3+deb6u1_amd64.deb
6.0.x 32bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb && dpkg -i bash_4.1-3+deb6u1_i386.deb
openSUSE:
13.1 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm
13.1 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm
Aliyun Linux:
5.x 64bit
wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm
5.x 32bit
wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm