安全更新:
今天刚刚爆出Bash安全漏洞,SSH bash紧急安全补丁!重要!
测试是否存在漏洞,执行以下命令:
$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test”
vulnerable
this is a test
如果显示如上,那么,很遗憾,必须立即打上安全补丁修复,
临时解决办法为:
1
yum -y update bash
升级bash后,执行测试:
$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test”
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test
如果显示如上,表示已经修补了漏洞。
相关信息参考:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/