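The server is a 64-bit CentOS 6.5 instance purchased on Alibaba Cloud. This affects all Linux operating systems with GNU bash version 4.3 or lower installed. Check the version with bash -version, as shown below:
The upgrade is simple: run yum -y update bash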
reboot
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
After the update, no luck: the version is the same. I don't know; is something wrong with the mirror?
Vulnerability detection command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Before the fix
Output:
vulnerable
this is a test
After applying the fix
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
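Special note: this fix has no other impact. If your scripts define environment variables in the way shown above, they will report errors after the fix.
Result displayed: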
[root@iZ25cv9rpyqZ ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
No problem at all.
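The check above as a reusable script, an added example that is not part of the original post: it classifies the output of the detection command rather than relying on the version string, because distribution packages such as CentOS's receive backported fixes, so bash -version can still print 4.1.2 after a patched package is installed. The function names and sample variables are assumptions made for this example; the two samples are the outputs quoted above.

```shell
#!/bin/sh
# Added example: classify the result of the Shellshock test command from this post.
# Function and variable names are illustrative, not from the original page.

NL='
'

# Sample outputs copied from the post (before and after the fix).
SAMPLE_BEFORE="vulnerable${NL}this is a test"
SAMPLE_AFTER="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'
this is a test"

# classify_output TEXT -> prints vulnerable | patched | unknown
classify_output() {
    case "${NL}$1${NL}" in
        # The injected "echo vulnerable" ran while bash imported variable x.
        *"${NL}vulnerable${NL}"*) echo vulnerable ;;
        # Only the intended command ran (with or without import warnings).
        *"${NL}this is a test${NL}"*) echo patched ;;
        # Neither marker: the shell did not run, or its output was altered.
        *) echo unknown ;;
    esac
}

# check_bash PATH -> runs the post's test against one bash binary.
check_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1) || true
    classify_output "$out"
}

# Test every bash binary found at the usual locations on this host.
for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    if [ -x "$b" ]; then
        echo "$b: $(check_bash "$b")"
    fi
done

# On RPM systems, print the installed package name and release, which is
# what changes after yum -y update bash even when the version string does not.
if command -v rpm >/dev/null 2>&1; then
    rpm -q bash || true
fi
```

A result of unknown means neither expected line appeared, so inspect the raw output by hand before drawing a conclusion.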
Details: http://bbs.aliyun.com/read/176977.html?spm=5176.7189909.3.15.B5GXuC