Urgent solution for fixing critical Linux Vulnerabilities
Today, a security vulnerability was discovered in Bash that directly affects Unix-based systems (such as Linux and OS X). This vulnerability allows remote attackers to execute arbitrary code on the affected system.
[Software and systems confirmed to be successfully exploited]
All Linux operating systems that have installed GNU bash versions earlier than or equal to 4.3.
[Vulnerability description]
This vulnerability is caused by specially crafted environment variables that are created before the bash shell is invoked. These variables can contain code, and bash will execute it.
[Vulnerability Detection Method]
Vulnerability detection command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
If the output matches the above, the system is vulnerable and you must install a security patch immediately.
[Recommended repair solution]
Note: The fix will not have any impact on the system.
Select the repair command that matches your Linux distribution and version:
CentOS:
yum -y update bash
Ubuntu:
14.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb
14.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i bash_4.3-7ubuntu1.1_i386.deb
12.04 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i bash_4.2-2ubuntu2.2_amd64.deb
12.04 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i bash_4.2-2ubuntu2.2_i386.deb
10.x 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb
10.x 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb
Debian:
7.5 64bit & 32bit
apt-get -y install --only-upgrade bash
6.0.x 64bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb && dpkg -i bash_4.1-3+deb6u1_amd64.deb
6.0.x 32bit
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb && dpkg -i bash_4.1-3+deb6u1_i386.deb
openSUSE:
13.1 64bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm
13.1 32bit
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm
Aliyun Linux:
5.x 64bit
wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm
5.x 32bit
wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm
[Patch completion test]
After bash is upgraded, run the following test:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
If the output matches the above, the vulnerability has been fixed.
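The package update replaces only the distribution's own bash, so the test above is worth repeating against every bash binary on the host. The following script is an added example, not part of the original article; the function names and the extra directories searched beyond PATH are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): run the article's
# function-import test against every bash binary found on the system.

# classify_output TEXT -> vulnerable | patched | unknown
# "vulnerable" appears on its own line only when bash executed the code
# that trails the function definition in the environment variable.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched
    else
        echo unknown
    fi
}

# check_bash PATH -> missing | vulnerable | patched | unknown
check_bash() {
    [ -x "$1" ] || { echo missing; return 0; }
    # env -i gives a clean environment holding only the test variable;
    # stderr is merged so a patched bash's warnings are captured too.
    out=$(env -i x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1) || true
    classify_output "$out"
}

# audit_bash_binaries: check each bash in PATH plus assumed extra locations.
audit_bash_binaries() {
    seen=""
    old_ifs=$IFS; IFS=:
    for dir in $PATH /bin /usr/bin /usr/local/bin /opt/local/bin; do
        IFS=$old_ifs
        bin="$dir/bash"
        [ -x "$bin" ] || continue
        # Skip paths already reported (PATH often repeats directories).
        case ":$seen:" in *":$bin:"*) continue ;; esac
        seen="$seen:$bin"
        printf '%s %s\n' "$(check_bash "$bin")" "$bin"
    done
    IFS=$old_ifs
}

audit_bash_binaries
```

Any line beginning with "vulnerable" names a binary that still needs the update; "unknown" means the binary did not run the test command at all and should be inspected by hand.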