Dear user:
Hello. A few days ago, a very serious security vulnerability was newly discovered in Bash, the shell officially built into Linux. Attackers can exploit this Bash vulnerability to take full control of the target system and launch attacks. For customers using Linux VPS, cloud hosting, or dedicated servers, we recommend that you complete the vulnerability patching as soon as possible, using the following methods:
【Software and systems confirmed to be exploitable】 All Linux operating systems with GNU bash version less than or equal to 4.3 installed.
【Vulnerability Description】 The vulnerability stems from specially crafted environment variables created before the bash shell is invoked. These variables can contain code, which bash will execute.
【Vulnerability Detection Method】 Vulnerability detection command:
env x='() { :; }; echo vulnerable' bash -c "echo this is a test"
Output before the fix:
vulnerable
this is a test
Output after applying the patch:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Special note: This fix will not have any other effect. However, if your scripts define environment variables in the way shown above, they will report an error when executed after the fix.
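The detection check above, wrapped as a script that tests every bash binary found on the host and classifies the output. This is an added example, not part of the original notice; the function names and the use of /etc/shells to locate additional bash binaries are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notice): run the notice's detection
# command against each bash binary on the host and classify the output.

# classify_output TEXT: map the captured output of the check to a verdict.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable      # the trailing "echo vulnerable" was executed
    elif printf '%s\n' "$1" | grep -q 'this is a test'; then
        echo patched         # command ran, trailing code was not executed
    else
        echo unknown         # binary missing or unexpected output
    fi
}

# check_bash PATH: run the detection command from the notice with that binary.
check_bash() {
    [ -x "$1" ] || { echo unknown; return 0; }
    out=$(env x='() { :; }; echo vulnerable' "$1" -c 'echo this is a test' 2>&1)
    classify_output "$out"
}

# list_bash_binaries: bash on PATH plus any bash listed in /etc/shells.
list_bash_binaries() {
    {
        command -v bash 2>/dev/null || true
        if [ -r /etc/shells ]; then
            grep -E '/bash$' /etc/shells || true
        fi
    } | sort -u
}

# report: print one verdict per binary; return 1 if any is vulnerable.
report() {
    rc=0
    for b in $(list_bash_binaries); do
        verdict=$(check_bash "$b")
        printf '%s\t%s\n' "$b" "$verdict"
        if [ "$verdict" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

report || echo 'At least one bash binary still needs the update' >&2
```

A "patched" verdict only means the binary passed this one check. Run it again after applying the update for your distribution.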
【Suggested Patch Plan】
Please select the fix command that matches your Linux version. To prevent accidents, we recommend that you take a snapshot of the Linux server disk before executing the command. If the upgrade affects your server usage, you can roll back to the system disk snapshot.
centos: yum -y update bash
ubuntu: 14.04 64bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb
14.04 32bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i bash_4.3-7ubuntu1.1_i386.deb
12.04 64bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i bash_4.2-2ubuntu2.2_amd64.deb
12.04 32bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i bash_4.2-2ubuntu2.2_i386.deb
10.10 64bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb
10.10 32bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb
debian: 7.5 64bit and 32bit apt-get -y install --only-upgrade bash
6.0.x 64bit wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb && dpkg -i bash_4.1-3+deb6u1_amd64.deb
6.0.x 32bit wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb && dpkg -i bash_4.1-3+deb6u1_i386.deb
opensuse: 13.1 64bit wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm
13.1 32bit wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm
aliyun linux: 5.x 64bit wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm
5.x 32bit wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm