How to detect and fix the bash Shellshock vulnerability on Linux

  

If a Linux server has the bash Shellshock vulnerability, a remote attacker may be able to execute arbitrary commands on the operating system, so the threat level is high. How do we know whether a Linux system has the vulnerability, and how do we fix it? Let's take a look.

Question: I want to know whether my Linux server has the bash Shellshock vulnerability and how to protect my Linux server from Shellshock.

On September 24, 2014, a security researcher named Stéphane Chazelas discovered a bash vulnerability called "Shellshock" (also known as "Bashgate" or the "Bash vulnerability"). If the vulnerability is exploited, a remote attacker can execute arbitrary program code by exporting function definitions in a specially crafted environment before calling the shell. The code inside these functions can then be executed immediately when bash is invoked.

Note that Shellshock affects bash versions 1.14 through 4.3 (the current version). At the time of this writing there is no authoritative and complete fix for the vulnerability, but the major Linux distributions (Debian, Red Hat, CentOS, Ubuntu, and Novell/SUSE) have released patches that partially address it (CVE-2014-6271 and CVE-2014-7169). It is recommended that you update bash as soon as possible and check for further updates over the next few days. (LCTT translator's note: a complete fix may already be available by the time you read this article.)

Detecting the Shellshock vulnerability

To check whether your Linux system has the Shellshock vulnerability, enter the following command in a terminal.

$ env x='() { :;}; echo "Your bash version is vulnerable"' bash -c "echo This is a test"

If your Linux system is exposed to the Shellshock vulnerability, the command output will look like this:

Your bash version is vulnerable
This is a test

In the command above, an environment variable named x is set in the user's environment. As we can see, it is not assigned a real value (it holds a dummy function definition); the definition is followed by an arbitrary command (here, the echo of the warning message), which is executed before bash runs the command it was called with.
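The same check wrapped as a script, as an added example that is not part of the original article. It goes beyond the single command above by testing every sh/bash binary listed in /etc/shells or found on PATH, since a server can carry more than one copy of bash; the function names and the marker string are constructed for this example.

```shell
#!/bin/sh
# Added example: runs the article's CVE-2014-6271 test against each shell binary.
# MARKER, check_shell and scan_shells are names made up for this example.

MARKER="SHELLSHOCK_CANARY_$$"

# check_shell PATH
# Prints one of: vulnerable, not-vulnerable, inconclusive, missing
check_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # env -i starts the child with a clean environment that holds only x.
    # A vulnerable bash executes the echo trailing the function definition
    # while importing x, so the marker appears in the captured output.
    out=$(env -i x="() { :;}; echo $MARKER" "$shell_path" -c "echo This is a test" 2>/dev/null) || true
    case $out in
        *"$MARKER"*)        echo "vulnerable" ;;
        *"This is a test"*) echo "not-vulnerable" ;;
        *)                  echo "inconclusive" ;;
    esac
}

# scan_shells
# Prints "path<TAB>result" for every distinct sh/bash candidate on the system.
scan_shells() {
    {
        if [ -r /etc/shells ]; then
            grep -E '^/.*/(ba)?sh$' /etc/shells || true
        fi
        command -v bash || true
        command -v sh || true
    } 2>/dev/null | sort -u | while read -r candidate; do
        printf '%s\t%s\n' "$candidate" "$(check_shell "$candidate")"
    done
}

scan_shells
```

Any line reporting "vulnerable" points at a binary that still needs the update described in the next section.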

Applying a fix for the Shellshock vulnerability

You can install the newly released bash patch as follows.

On Debian and its derivatives:

# aptitude update && aptitude safe-upgrade bash

On Red Hat-based distributions:

# yum update bash

[Screenshots in the original: Debian and CentOS before the patch, and Debian and CentOS after the patch.]

Note that the bash release version does not change between before and after installing the patch, but you can see that the patch has been installed from the output of the update command (which will most likely ask for confirmation before installing).

If for some reason you can't install the patch, or if the patch for your distribution has not yet been released, then it is recommended that you try another shell until the fix appears.

The above is how to detect and fix the bash Shellshock vulnerability on Linux systems. Check soon whether your system has the vulnerability, to prevent the server from being attacked.
