CentOS 5.x / 6.x / 7: detecting and fixing the bash vulnerability

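Reference site: bash vulnerability detection and patching « Jamyy's Weblog

For the damage this bash vulnerability can cause, see:
MyFirefox | Unix red alert! The major "Shellshock" vulnerability can be used to maliciously hijack computer systems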

CentOS 5.x
# cat /etc/redhat-release
CentOS release 5.10 (Final)

Currently installed bash package
# rpm -qa | grep bash
bash-3.2-32.el5_9.1

bash version
# bash --version
GNU bash, version 3.2.25(1)-release (i386-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.

Check for the vulnerability
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

bash package after the update
# rpm -qa | grep bash
bash-3.2-33.el5.1

bash-3.2-33.el5_10.4

bash version
# bash --version
GNU bash, version 3.2.25(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.

Check for the vulnerability
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

CentOS 6.x
# cat /etc/redhat-release
CentOS release 6.5 (Final)

bash version
# bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)

Check for the vulnerability
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: 錯誤,輸入的函數定義為 `x’
this is a test

bash package after the update
# rpm -qa | grep bash
bash-4.1.2-15.el6_5.2.i686
bash-4.1.2-15.el6_5.2.x86_64

CentOS 7.x
# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

Currently installed bash package
# rpm -qa | grep bash
bash-4.2.45-5.el7.x86_64
bash-completion-2.1-6.el7.noarch

Current bash version
# bash --version
GNU bash, version 4.2.45(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.

Check for the vulnerability
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

bash package after the update
# rpm -qa | grep bash
bash-4.2.45-5.el7_0.4.x86_64
bash-completion-2.1-6.el7.noarch

bash version after the update
# bash --version
GNU bash, version 4.2.45(1)-release (x86_64-redhat-linux-gnu)

With output like this, I don't know whether the patch is complete (?), but it should be fixed
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test
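
The check above produces three different outputs on this page. The script below is an added example, not part of the original post, that runs the same test string and classifies the result; the function names and labels (vulnerable, rejected, not-imported, unknown) are assumptions made for this example. It forces LC_ALL=C so the warning text is not localized, as it was in the CentOS 6.x output.

```shell
#!/bin/sh
# Added example: classify the output of the page's bash check.
# Function names and result labels are made up for this example.

# classify_output TEXT
#   vulnerable    a line "vulnerable" was printed: the command that followed
#                 the function body ran while bash imported the variable
#   rejected      bash warned "ignoring function definition attempt" and
#                 refused the import (CentOS 5.x / 6.x output after update)
#   not-imported  only the test line was printed: no import, no warning
#                 (CentOS 7 output after update)
#   unknown       anything else, for example the binary could not be run
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -q 'ignoring function definition attempt'; then
        echo rejected
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo not-imported
    else
        echo unknown
    fi
}

# check_bash [PATH]
#   Run the page's test string against one bash binary (default /bin/bash)
#   and print the classification. stderr is captured because the warning
#   lines are written there.
check_bash() (
    bash_bin=${1:-/bin/bash}
    out=$(LC_ALL=C env x='() { :;}; echo vulnerable' \
          "$bash_bin" -c 'echo this is a test' 2>&1) || true
    classify_output "$out"
)

# When a path is given on the command line, check that binary.
if [ "$#" -gt 0 ]; then
    check_bash "$1"
fi
```

Only the first result means the trailing command was executed; the other two both show that it was not.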