About the vulnerability
Following the Heartbleed vulnerability disclosed earlier on the Linux platform, Shell Shock has now turned up as another serious vulnerability. The US government's National Vulnerability Database (NVD) published its latest advisory just a few hours ago. The affected range covers the vast majority of Unix-like operating systems, such as Linux, BSD, Mac OS X and so on.
"GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution."
System: CentOS release 6.2 (Final)
1. Check whether the vulnerability is present
Run the following command to check:
env t='() { :;}; echo You are vulnerable.' bash -c "true"
If the message above is printed, the system needs to be patched.
2. Update bash with yum
yum update bash -y
For other versions, upgrade accordingly:
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
Location of the official GNU patch: http://seclists.org/oss-sec/2014/q3/650
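
To confirm that the update took effect, the check from step 1 can be re-run against every bash binary on the system, since a source build normally installs under /usr/local and leaves the old /bin/bash in place. The script below is an added example, not part of the original post; the function names probe_bash and scan_bashes and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: classify bash binaries using the probe shown in step 1.
MARKER='You are vulnerable.'

# probe_bash BINARY -> prints "vulnerable", "patched" or "missing"
probe_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    # Same probe as in step 1: a function definition followed by a trailing
    # command. A fixed bash ignores the trailing echo; an unfixed one runs it
    # while importing the environment. Warnings on stderr are discarded.
    out=$(env t="() { :;}; echo $MARKER" "$bin" -c true 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo vulnerable ;;
        *)           echo patched ;;
    esac
}

# scan_bashes BINARY... -> one "state<TAB>path" line per binary;
# returns 1 if any binary is still vulnerable, 0 otherwise.
scan_bashes() {
    rc=0
    for b in "$@"; do
        state=$(probe_bash "$b")
        printf '%s\t%s\n' "$state" "$b"
        if [ "$state" = vulnerable ]; then
            rc=1
        fi
    done
    return $rc
}

# Usage (paths are assumptions): sh check_bash.sh /bin/bash /usr/local/bin/bash
if [ "$#" -gt 0 ]; then
    scan_bashes "$@"
fi
```

The script only tests the behaviour described in the advisory quoted above, so a "patched" result says nothing about other bash bugs.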