CESA-2014:1293 Critical CentOS 6 bash Security Update
http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html
SSH bash紧急安全补丁!重要!
测试是否存在漏洞,执行以下命令:
env t='() { :;}; echo You are vulnerable.’ bash -c "true"
如果显示You are vulnerable,很遗憾,必须立即打上安全补丁修复
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
CESA-2014:1293 Critical CentOS 6 bash Security Update
http://lists.centos.org/pipermail/centos-announce/2014-September/020585.html
———————————————————————–
让我们看一下Centos6.5
1 2 |
[root@kinggoo.com~]# cat /etc/redhat-release CentOS release 6.5 (Final) |
更新bash
1 |
[root@kinggoo.com ~]# yum update bash |
更新命令及ldconfig后,在去使用测试命令
1 2 |
[root@kinggoo.com ~]# ldconfig [root@kinggoo.com ~]# env t='() { :;}; echo You are vulnerable.' bash -c "true" |
https://access.redhat.com/articles/1200223