The latest basic Bash vulnerability fix
A remote command execution vulnerability in the way Bash parses its input (CVE-2014-6271) has been disclosed, and it affects the major Linux distributions and Mac OS X. Attackers can remotely execute arbitrary commands in Web CGI environments that use Bash.
Now that the bash injection has been made public, attackers only need to keep the first four characters of the test string unchanged:
- $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
That is, `() {` is fixed, and whatever follows it (here `:;}`) can be used for attack testing as long as it complies with the prescribed syntax. Although the vulnerability has a great impact, the environments in which it can be used are limited compared with the OpenSSL one.
To defend against bash injection, update bash first; with yum update, bash is updated to bash-4.1.2-15.
Or add mod_security:
- Request Header values:
- SecRule REQUEST_HEADERS "^\(\) {" "phase:1,deny,id:1000000,t:urlDecode,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
- SERVER_PROTOCOL values:
- SecRule REQUEST_LINE "\(\) {" "phase:1,deny,id:1000001,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
- GET/POST names:
- SecRule ARGS_NAMES "^\(\) {" "phase:2,deny,id:1000002,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
- GET/POST values:
- SecRule ARGS "^\(\) {" "phase:2,deny,id:1000003,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
- File names for uploads:
- SecRule FILES_NAMES "^\(\) {" "phase:2,deny,id:1000004,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
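To see what these five rules match before deploying them, the following added example (not part of the original article, and not ModSecurity's own code) applies the same patterns to a few constructed requests. It assumes `t:urlDecode` can be modelled as plain percent-decoding; the request dictionaries, `check_request` and the other helper names are hypothetical.

```python
import re
from urllib.parse import unquote

# Patterns from the rules above (brace escaped for Python's re module).
ANCHORED = re.compile(r"^\(\) \{")    # value must start with "() {"
UNANCHORED = re.compile(r"\(\) \{")   # "() {" anywhere (REQUEST_LINE rule)

def url_decode(value):
    # Assumption: t:urlDecode modelled as plain percent-decoding, "+" as space.
    return unquote(value.replace("+", " "))

def starts_with_funcdef(values):
    return any(ANCHORED.search(url_decode(v)) for v in values)

def check_request(req):
    """Return the rule ids (as numbered above) that would deny req."""
    hits = []
    if starts_with_funcdef(req.get("headers", {}).values()):
        hits.append(1000000)
    if UNANCHORED.search(req.get("request_line", "")):   # no transformation
        hits.append(1000001)
    args = req.get("args", {})
    if starts_with_funcdef(args.keys()):
        hits.append(1000002)
    if starts_with_funcdef(args.values()):
        hits.append(1000003)
    if starts_with_funcdef(req.get("files", [])):
        hits.append(1000004)
    return hits

# Constructed sample requests (not captured traffic); values as seen on the wire.
SAMPLES = {
    "benign": {"request_line": "GET /index.html HTTP/1.1",
               "headers": {"User-Agent": "Mozilla/5.0"}},
    "header": {"request_line": "GET /cgi-bin/status HTTP/1.1",
               "headers": {"User-Agent": "() { :;}; echo vulnerable"}},
    "encoded_arg": {"request_line": "POST /cgi-bin/form HTTP/1.1",
                    "args": {"name": "%28%29%20%7B%20%3A%3B%7D%3B%20echo%20vulnerable"}},
    "mid_value": {"request_line": "GET /docs HTTP/1.1",
                  "headers": {"X-Note": "shell syntax: f() { :; }"}},
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, check_request(req))
```

The `mid_value` sample is not denied because the header rule is anchored to the start of the value, which matches the fixed four-character prefix described above and keeps ordinary text containing `() {` from being blocked.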
Some people have also provided rules to add to iptables, although adding rules to iptables seems too restrictive. However, you can try them:
- iptables --append INPUT -m string --algo kmp --hex-string '|28 29 20 7B|' --jump DROP
- iptables using -m string --hex-string '|28 29 20 7B|'
The solution is to upgrade Bash. Please refer to this article.
Source: FreeBuf
http://www.freebuf.com/vuls/44857.html Author: evil8