Shell upgrade: /bin/bash version 4.1 to 4.3

Source: Internet
Author: User

Bash has an arbitrary code execution vulnerability in its handling of environment variables: "A CGI request can cause remote code to run, causing the server to be compromised." The harm is serious, and the officially released patch was also bypassed.

Vulnerability impact:

1) Affected bash versions: 3.0 to 4.3; bash versions earlier than 3.0 may also be affected.

2) Intrusion method: in combination with CGI, the vulnerability can cause remote code to run and the server to be compromised.


Check the system's current bash version

# /bin/bash -version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

bash: http://ftp.gnu.org/gnu/bash/

Install the bash upgrade

wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
tar zxvf bash-4.3.tar.gz
cd bash-4.3
./configure
make
make install

Because bash is installed under /usr/local/bin/ by default, you need to create a link to it in /bin/. A reboot is required after the installation is complete!

mv /bin/bash /bin/bash.bak; ln -s /usr/local/bin/bash /bin/bash

# /bin/bash -version
GNU bash, version 4.3.0(1)-release (x86_64-unknown-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

Linux bash critical vulnerability fix: emergency notification (updated September 25, 2014)

A serious security vulnerability was recently discovered in the bash that ships with official Linux distributions. Hackers can take advantage of this bash vulnerability to completely control the target system and launch attacks. To keep your Linux servers from being affected, we recommend that you fix the vulnerability as soon as possible. The repair methods are as follows:

Vulnerability Detection method

You can use the following command to check the system for this vulnerability:

env -i X='() { (a)=>\' bash -c 'echo date'; cat echo

Output before the fix: the current system time

Output after repairing with the patching scheme:

date

Special note: this fix will not have any adverse effect. However, if your scripts define environment variables in the way shown above, they will fail with an error after the fix.

If the output contains the string date, the fix succeeded.
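An added example, not part of the original article: it runs the detection command above against each bash binary the upgrade procedure touches (/bin/bash, /usr/local/bin/bash and the /bin/bash.bak backup) inside a scratch directory, because the article lists versions up to 4.3 as affected and a version string alone does not show whether a binary is fixed. The function name probe_bash is hypothetical; the probe itself is the article's command.

```shell
#!/bin/sh
# Added example: per-binary version of the article's detection command.

# probe_bash <path-to-bash>   (hypothetical helper name)
# Prints "vulnerable" if the probe makes the binary create a stray file
# named "echo", "patched" if it does not, "missing" if the path is not
# an executable. Return status: 0 patched, 1 vulnerable, 2 missing.
probe_bash() {
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo missing; return 2; }
    scratch=$(mktemp -d) || return 3
    (
        cd "$scratch" || exit 3
        # Same probe as the article. Output is discarded: only the side
        # effect (the file "echo" holding the date) identifies the bug.
        env -i X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 || :
    )
    if [ -e "$scratch/echo" ]; then
        result=vulnerable
    else
        result=patched
    fi
    rm -rf "$scratch"
    echo "$result"
    [ "$result" = patched ]
}

# Paths taken from the article's upgrade steps: the /bin/bash link, the
# source build in /usr/local/bin, and the backup of the old binary.
for candidate in /bin/bash /usr/local/bin/bash /bin/bash.bak; do
    [ -e "$candidate" ] || continue
    printf '%s: %s\n' "$candidate" "$(probe_bash "$candidate")"
done
```

A binary reported as vulnerable should be replaced using the distribution packages listed under the patching section, and a vulnerable /bin/bash.bak should not be left executable.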

Patching schemes

CentOS:

yum clean all
yum makecache
yum -y update bash

Ubuntu:

apt-cache gencaches
apt-get -y install --only-upgrade bash

Debian 7.5 64bit && 32bit:

apt-cache gencaches
apt-get -y install --only-upgrade bash

Debian 6.0.x 64bit

wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3+deb6u2_amd64.deb && dpkg -i bash_4.1-3+deb6u2_amd64.deb

Debian 6.0.x 32bit

wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3+deb6u2_i386.deb && dpkg -i bash_4.1-3+deb6u2_i386.deb

openSUSE

Aliyun Linux:

5.x 64bit

wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm

5.x 32bit

wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm
