Bash漏洞检测及解决方案 |
一、检测方法 1、redhat、centos 运行命令: $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 2.debian、ubuntu 运行命令: $ sudo env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 如果返回以下内容:则请尽快升级。 vulnerable this is test 二、解决方案—升级bash 1、redhat、centos 运行: #yum clean all #yum -y update bash 2.debian、ubuntu 运行: $sudo apt-get update $sudo apt-get upgrade 最后测试(以ubuntu为例): test@bogon:~$ sudo env x="() { :;}; echo vulnerable" bash -c "echo this is test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is test 返回以上内容表示已升级成功 |