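I'm sure you all already know about this... Yesterday, first thing in the morning after getting up, I saw emails from two responsible overseas providers.
The reason they are only overseas ones is, of course, not that I want to say domestic providers are irresponsible; it's just that I personally don't like using domestic ones. Ahem, I digress. I casually opened one of them and had a look:
Here is the original link from the email: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability
Next, how to determine whether this bug is present
First, run the following command in your shell: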
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
If the output is
Bash is vulnerable!
Bash Test
then the vulnerability is present.
If the output looks something like
bash: warning: VAR: ignoring function definition attempt
bash: error importing function definition for `VAR'
Bash Test
then the vulnerability is not present.
Fixing the vulnerability:
APT-GET: Ubuntu / Debian
Update Bash to the latest version available via apt-get:
sudo apt-get update && sudo apt-get install --only-upgrade bash
Now check your system vulnerability again by running the command in the previous section (Check System Vulnerability).
YUM: CentOS / Red Hat / Fedora
Update Bash to the latest version available via yum:
sudo yum update bash
Now check your system vulnerability again by running the command in the previous section (Check System Vulnerability).
All done.
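The check above, wrapped so it can be rerun unattended after the upgrade. This is an added example, not from the original post or the linked tutorial; the function names classify_output and check_bash are hypothetical. It also treats a bare "Bash Test" with no warning as not vulnerable, which is what later Bash releases print.

```shell
#!/bin/sh
# Added example: scripted form of the page's Shellshock check.
# classify_output and check_bash are hypothetical helper names.

# String that only appears on stdout if bash executed the trailing command.
MARKER='Bash is vulnerable!'

# classify_output TEXT
# Prints "vulnerable", "not-vulnerable" or "unknown" for captured output.
classify_output() {
    case "$1" in
        *"$MARKER"*)   echo "vulnerable" ;;      # injected echo ran
        *"Bash Test"*) echo "not-vulnerable" ;;  # only the intended echo ran
        *)             echo "unknown" ;;         # bash missing or failed
    esac
}

# check_bash [PATH]
# Runs the page's test command against the given bash binary (default: the
# bash found in PATH). stderr is dropped so that warning text from a patched
# bash can never be mistaken for the marker.
check_bash() {
    bash_bin="${1:-bash}"
    out=$(env VAR='() { :;}; echo Bash is vulnerable!' \
          "$bash_bin" -c "echo Bash Test" 2>/dev/null) || true
    classify_output "$out"
}

# Stand-alone use: ./check.sh [/path/to/bash]
check_bash "$@"
```

Run it once before and once after the package upgrade; pass a path such as /bin/bash to test a specific binary when more than one bash is installed.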