Thursday, 25 September 2014

(bash vulnerability) Bash software bug could be bigger threat than Heartbleed, experts warn

Secure your Linux , apple pc, servers
Try the vulnerability test (in Terminal): 

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
if you are vulnerable, you get back:
if get it "vulnerable" please immediate update bash shell at linux.

for Centos\RHEL linux :
yum update bash

For ubuntu :

apt-get update aptapt-get install --only-upgrade bash or
mkdir srccd srcwget
#download all patchesfor i in $(seq -f "%03g" 0 25); do wget$i; donetar zxvf bash-4.3.tar.gz cd bashcd bash-4.3#apply all patchesfor i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done#build and install./configure && make && make install cd
cd .. cd
cd ..rm -r src
Verify patch
export VULNCHECK='() { :; }; echo You are still vulnerable'; bash
You are still vulnerable

You can see if you’re vulnerable by running the following command:
In a vulnerable environment, it’ll say:

And again check vulnerability if look like its fine.
$ env X="() { :;} ; echo busted" /bin/sh -c "echo hello"
otherwise you get:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

No comments:

Post a Comment

Install XRDP in Centos 7

rpm -Uvh yum update yum groupinstall "GNOME Desktop" ...