標籤:
1.bash shell是大多數linux發行版本的預設shell命令直譯器,但是最近爆出bash shell存在漏洞。
2.如果Bash是預設的系統shell,網路攻擊者可以通過發送Web請求、secure shell、telnet會話或其它使用Bash執行指令碼的程式攻擊伺服器和其它Unix和Linux裝置。該漏洞在影響範圍上與Heartbleed漏洞相當,在危險程度上也許沒有Heartbleed高。
3.漏洞影響GNU Bash v1.14到v4.3,主要Linux發行版如Red Hat Enterprise Linux (v4到7)、Fedora、CentOS、Ubuntu和Debian都已經發布了補丁。但補丁尚未完全修複問題。你可以輸入命令env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test"測試你的系統是否存在漏洞,如果存在漏洞會返回“vulnerable this is a test”。
4.自己測試如下,可惜的是我的機器也存在漏洞,因為我的bash版本是4.1.2:
[[email protected] ~]$ env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test"vulnerablethis is a test[[email protected] ~]$ /bin/sh --versionGNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)Copyright (C) 2009 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software; you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.[[email protected] ~]$
bash shell漏洞及測試
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
