coco碎碎念

Bash  Shellshock安全漏洞 修補過程參考

最新訊息請參考資料來源網站https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

1. 1.     打以下命令測試是否有漏洞

$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test"

會出現以下就表示有漏洞

vulnerable

this is a test

2.修補後結果

$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test"

l  Rehat出現結果

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x’

this is a test

l   CentOS 出現結果

this is a test

3.基本上的做法就是更新bash到最新版本

1. 檢查OS版本及bash目前版本

# lsb_release –a

出現版本資訊

LSB Version::base-4.0-ia32:base-4.0-noarch:core-4.0-ia32:core-4.0-noarch:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-ia32:printing-4.0-noarch

Distributor ID: CentOS

Description:    CentOS release 6.2 (Final)

Release:        6.2

Codename:       Final

# rpm -qa bash

1. 查相關OS版本bash要更新的patch對應

redhat   https://access.redhat.com/solutions/1207723

centos   http://lists.centos.org/pipermail/centos/2014-September/146099.html

1. 用yum 直接更新bash

# yum update bash         過程中會show出要更新的patch 版次 確認 y

# rpm -qa bash               檢查更新完版本

bash-4.1.2-15.el6_5.2.i686

$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test" 打指令測試

this is a test  CentOS 出現結果

1. 若沒有安裝yum 直接找對應的rpm

例如:redhat ES4

#cd /usr/src/redhat/RPMS/i386

# wget http://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/bash-3.0-27.0.2.el4.i386.rpm

#rpm -Uvh bash-3.0-27.0.2.el4.i386.rpm

# env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test"

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x’

this is a test

# rpm -qa bash

bash-3.0-27.0.2.el4