Linux再曝安全漏洞Bash 比心血还严重
安全更新:
今天刚刚爆出Bash安全漏洞,SSH bash紧急安全补丁!重要!测试是否存在漏洞,执行以下命令:
$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test” vulnerable this is a test
如果显示如上,那么,很遗憾,必须立即打上安全补丁修复, 临时解决办法为:
yum -y update bash
升级bash后,执行测试:
$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test” bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ this is a test
如果显示如上,表示已经修补了漏洞。
相关信息参考:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/