Hackers exploit this vulnerability to execute arbitrary code, even without the need for authentication, to remotely gain control of the system, including executing malicious programs, or implanting Trojan horses within the system, or obtaining sensitive information. Also, Bash has all the vulnerabilities from Bash 1.14 to bash version 4.3.
Detection script:
#!/bin/bashexitcode=0# cve-2014-6271cve20146271=$ (env ' x= () { :;}; echo vulnerable ' ' bash_func_x () = () { :;}; echo vulnerable ' bash -c ' echo test ' 2>&1 | grep ' Vulnerable ' | wc -l) echo -n "cve-2014-6271 (original shellshock): " if [ $CVE 20146271 -gt 0 ]; thenecho -e "\033[91mvulnerable\033[39m" exitcode=$ ((exitcode+1)) elseecho -e "\033[92mnot vulnerable\033[39m" fi# CVE-2014-6277# it is fully mitigated by the environment function prefix passing avoidancecve20146277=$ (shellshocker= "() { x () { _;}; x () { _;} <<a; } " bash -c date 2>/dev/null | | echo vulnerable) | grep ' vulnerable ' | wc -l) echo -n " Cve-2014-6277&nBSP; (segfault): "if [ $CVE 20146277 -gt 0 ]; thenecho -e " \033[ 91mvulnerable\033[39m "exitcode=$ ((exitcode+2)) elseecho -e " \033[92mnot vulnerable\033[39m "fi# cve-2014-6278cve20146278=$ (shellshocker= ' () { echo vulnerable; } ' bash -c shellshocker 2>/dev/null | grep ' vulnerable ' | wc -l) echo -n "cve-2014-6278 (Florian ' S patch): " if [ $CVE 20146278 -gt 0 ]; thenecho -e "\033[91mvulnerable\033[39m" exitcode=$ ((exitcode+4)) elseecho -e "\033[ 92mnot vulnerable\033[39m "fi# cve-2014-7169cve20147169=$ (cd /tmp; rm -f /tmp/ Echo; env x= ' () { (a) =>\ ' bash -c "Echo echo nonvuln" 2 >/dev/null; [[ "$ (cat echo 2> /dev/null)" == "Nonvuln" ]] && echo "Vulnerable " 2> /dev/null) | grep ' vulnerable ' | wc -l) echo -n "cve-2014-7169 (taviso bug): " if [ $CVE 20147169 -gt 0 ]; thenecho -e "\033[91mvulnerable\033[39m" exitcode=$ ((exitcode+8)) elseecho -e "\033[92mnot vulnerable\033[39m "fi# cve-2014-7186cve20147186=$ (bash -c ' true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF << Eof <<eof <<eof <<eof <<eof <<eof <<eof ' 2>/dev/null | | echo "vulnerable") | grep ' vulnerable ' | wc -l) echo -n " cve-2014-7186 (redir_stack bug): "if [ $CVE 20147186 -gt 0 ]; thenecho -e "\033[91mvulnerable\033[39m" exitcode=$ ((exitcode+16)) elseecho -e "\033[92mnot vulnerable\033[39m "fi# cve-2014-7187cve20147187=$ ((for x in {1..200}; do echo "FOR&NBSP;X$X&NBSP;IN&NBSP;;&NBSP;DO&NBSP;:"; done; for x in {1..200}; do echo done; done) | bash | | echo "vulnerable") | grep ' vulnerable ' | wc -l) echo -n " cve-2014-7187 (Nested loops off by one): "if [ $CVE 20147187 -gt 0 ]; thenecho -e "\033[91mvulnerable\033[39m" exitcode=$ ((exitcode+32)) elseecho -e "\033[92mnot vulnerable\033[39m" fi# cve-2014-////cve2014=$ (env x= ' () { }; echo vulnerable ' bash -c ' date ' | grep ' vulnerable ' &NBSP;|&NBSP;WC -l) echo -n "cve-2014-//// (exploit 3 on http://shellshocker.net/): " if [ $CVE 2014 -gt 0 ]; thenecho -e "\033[91mvulnerable\033[39m" exitcode=$ ((exitcode+64)) elseecho -e "\033[92mnot vulnerable \033[39m "fiexit $EXITCODE
Execution code if the following results appear, the vulnerability is present on the machine.
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/82/C4/wKioL1dgwbHTYeodAACyYUQ6kx4771.jpg-wh_500x0-wm_3 -wmp_4-s_2270579027.jpg "title=" qq20160615104207.jpg "alt=" Wkiol1dgwbhtyeodaacyyuq6kx4771.jpg-wh_50 "/>
Workaround:
1. Upgrade bash with Yum Update bash.
2, Login Redhat official website, download the latest bash, compile updates.
This article is from the "Rookie Linux History" blog, make sure to keep this source http://jackdady.blog.51cto.com/8965949/1789419
Repairing method of Redhat broken shell bug