日前Linux官方内置Bash中新发现一个非常严重安全漏洞,黑客可以利用该Bash漏洞完全控制目标系统并发起攻击,为了避免Linux服务器受影响,就要尽快修补该漏洞了。 (漏洞参考https://access.redhat.com/security/cve/CVE-2014-6271) 修复方法如下: 1、修复前先用下面命令测试,如果出现vulnerable,就说明该服务器版本在漏洞列表中 [root@local /]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test2、如果是CentOS系统可直接用yum update bash命令升级bash [root@local /]# yum update bash注意:升级完后,CentOS系统一定要重启,才能生效。 3、再次用命令查看是否已经修复成功(没有出现vulnerable一行就说明修复成功了) [root@local /]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test 其他系统修复办法: ubuntu: 14.04 64bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb 14.04 32bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i bash_4.3-7ubuntu1.1_i386.deb 12.04 64bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i bash_4.2-2ubuntu2.2_amd64.deb 12.04 32bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i bash_4.2-2ubuntu2.2_i386.deb 10.10 64bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb 10.10 32bit wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb debian: 7.5 64bit && 32bit apt-get -y install –only-upgrade bash 6.0.x 64bit wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb && dpkg -i bash_4.1-3+deb6u1_amd64.deb 6.0.x 32bit wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb && dpkg -i bash_4.1-3+deb6u1_i386.deb opensuse: 13.1 64bit wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm 13.1 32bit wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm (责任编辑:IT) |