How to fix the Shellshock ("broken shell") Bash bug on Red Hat

Source: Internet
Author: User
Tags: cve

An attacker who exploits this vulnerability can execute arbitrary code remotely, without authentication, and take control of the system: running malicious programs, planting Trojan horses, or obtaining sensitive information. The vulnerability is present in every Bash version from 1.14 through 4.3.


Detection script:

    #!/bin/bash

    # Each check that reports "vulnerable" adds its own bit to EXITCODE,
    # so the exit status of the script records which checks failed.
    EXITCODE=0

    # CVE-2014-6271
    CVE20146271=$(env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c 'echo test' 2>&1 | grep 'vulnerable' | wc -l)

    echo -n "CVE-2014-6271 (original shellshock): "
    if [ $CVE20146271 -gt 0 ]; then
        echo -e "\033[91mvulnerable\033[39m"
        EXITCODE=$((EXITCODE+1))
    else
        echo -e "\033[92mnot vulnerable\033[39m"
    fi

    # CVE-2014-6277
    # it is fully mitigated by the environment function prefix passing avoidance
    CVE20146277=$( (shellshocker="() { x() { _;}; x() { _;} <<a; }" bash -c date 2>/dev/null || echo vulnerable) | grep 'vulnerable' | wc -l)

    echo -n "CVE-2014-6277 (segfault): "
    if [ $CVE20146277 -gt 0 ]; then
        echo -e "\033[91mvulnerable\033[39m"
        EXITCODE=$((EXITCODE+2))
    else
        echo -e "\033[92mnot vulnerable\033[39m"
    fi

    # CVE-2014-6278
    CVE20146278=$(shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | grep 'vulnerable' | wc -l)

    echo -n "CVE-2014-6278 (Florian's patch): "
    if [ $CVE20146278 -gt 0 ]; then
        echo -e "\033[91mvulnerable\033[39m"
        EXITCODE=$((EXITCODE+4))
    else
        echo -e "\033[92mnot vulnerable\033[39m"
    fi

    # CVE-2014-7169
    # Note: this check works in /tmp and removes /tmp/echo before it runs.
    CVE20147169=$( (cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ "$(cat echo 2> /dev/null)" == "nonvuln" ]] && echo "vulnerable" 2> /dev/null) | grep 'vulnerable' | wc -l)

    echo -n "CVE-2014-7169 (taviso bug): "
    if [ $CVE20147169 -gt 0 ]; then
        echo -e "\033[91mvulnerable\033[39m"
        EXITCODE=$((EXITCODE+8))
    else
        echo -e "\033[92mnot vulnerable\033[39m"
    fi

    # CVE-2014-7186
    CVE20147186=$( (bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null || echo "vulnerable") | grep 'vulnerable' | wc -l)

    echo -n "CVE-2014-7186 (redir_stack bug): "
    if [ $CVE20147186 -gt 0 ]; then
        echo -e "\033[91mvulnerable\033[39m"
        EXITCODE=$((EXITCODE+16))
    else
        echo -e "\033[92mnot vulnerable\033[39m"
    fi

    # CVE-2014-7187
    CVE20147187=$( ( (for x in {1..200}; do echo "for x$x in ; do :"; done; for x in {1..200}; do echo done; done) | bash || echo "vulnerable") | grep 'vulnerable' | wc -l)

    echo -n "CVE-2014-7187 (nested loops off by one): "
    if [ $CVE20147187 -gt 0 ]; then
        echo -e "\033[91mvulnerable\033[39m"
        EXITCODE=$((EXITCODE+32))
    else
        echo -e "\033[92mnot vulnerable\033[39m"
    fi

    # CVE-2014-////
    CVE2014=$(env X=' () { }; echo vulnerable' bash -c 'date' | grep 'vulnerable' | wc -l)

    echo -n "CVE-2014-//// (exploit 3 on http://shellshocker.net/): "
    if [ $CVE2014 -gt 0 ]; then
        echo -e "\033[91mvulnerable\033[39m"
        EXITCODE=$((EXITCODE+64))
    else
        echo -e "\033[92mnot vulnerable\033[39m"
    fi

    exit $EXITCODE

Run the script. If the following results appear, the vulnerability is present on the machine.

[Screenshot: qq20160615104207.jpg]
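The detection script also records its findings in its exit status, one bit per check, which is what you collect when it is run unattended on many machines. The following is an added example, not part of the original article, that decodes that status back into the CVE labels used by the script; the function names, host names and sample results are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the detection script's exit-status bitmask.
# Bit values and labels follow the EXITCODE+N lines of the script above.
decode_shellshock_exit() {
    code=$1
    case $code in
        ''|*[!0-9]*|0?*) echo "invalid"; return 2 ;;
    esac
    # Seven checks use bits 1..64, so anything above 127 came from elsewhere
    # (for example, ssh returns 255 when the connection itself fails).
    if [ "$code" -gt 127 ]; then echo "not-a-result"; return 2; fi
    if [ "$code" -eq 0 ]; then echo "clean"; return 0; fi
    out=""
    for pair in 1:CVE-2014-6271 2:CVE-2014-6277 4:CVE-2014-6278 \
                8:CVE-2014-7169 16:CVE-2014-7186 32:CVE-2014-7187 \
                64:CVE-2014-////; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( code & bit )) -ne 0 ]; then out="$out${out:+ }$name"; fi
    done
    # 126 and 127 are also what a shell returns for "cannot execute" and
    # "command not found", so those two values need a manual re-run.
    case $code in
        126|127) out="$out (ambiguous: re-run by hand)" ;;
    esac
    echo "$out"
    return 1
}

# Reads "host exitcode" lines on stdin and prints one triage line per host.
triage_hosts() {
    while read -r host code; do
        [ -n "$host" ] || continue
        printf '%s: %s\n' "$host" "$(decode_shellshock_exit "$code")"
    done
}

# Constructed sample results (hypothetical host names), not real scan data.
SAMPLE_RESULTS='web01 0
db01 9
old01 127
gw01 255'

printf '%s\n' "$SAMPLE_RESULTS" | triage_hosts
```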


Workaround:

1. Upgrade bash with yum: yum update bash

2. Log in to the official Red Hat website, download the latest bash, and compile the update.


This article is from the "Rookie Linux History" blog; please keep this source attribution: http://jackdady.blog.51cto.com/8965949/1789419
