详细漏洞说明,请见【为什么说破壳漏洞会带来一场全球服务器的浩劫】
检测方法:
[root@ipython ~]# env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Sun Oct 12 23:16:36 EDT 2014
###date 被作为命令执行表示漏洞存在###修复方案(Default Centos):
[root@ipython ~]# yum update bash ##Version##
[root@ipython ~]# rpm -qa | grep bash
bash-4.1.2-15.el6_5.2.x86_64 --Ubuntu--
apt-get update
apt-get -y install --only-upgrade bash --debian--
apt-get update
apt-get -y install --only-upgrade bash
此时再次执行检测命令:
[root@ipython ~]# env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
date
cat: echo: No such file or directory
##同前面,输出date 表示修复成功##