more on https://shellshocker.net/
CVE-2014-6271 remote execution code through bash.
CVE-2014-7169 incomplete fix for CVE-2014-6271
- Ubuntu : http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html (4.2-2ubuntu2.3, 4.3-7ubuntu1.2)
- Red Hat :https://access.redhat.com/security/cve/CVE-2014-7169
- Red Hat: https://access.redhat.com/articles/1200223
- Debian : https://security-tracker.debian.org/tracker/CVE-2014-7169
- CentOS: https://www.conoha.jp/blog/tech/3490.html (Japanese)
- CoreOS: https://coreos.com/blog/security-update-shellshock/
- Mac OS X: http://showterm.io/c96936f54f88c4475737d (need XCode)
FOR UBUNTU:
(9/26/2014) Ubuntu patch for CVE-2014-7169
for ubuntu, just use following command to upgrade bash
$ sudo apt-get update && sudo apt-get install bash
## check your bash version with
$ dpkg -s bash | grep Version
Version: 4.2-2ubuntu2.3
or
$ dpkg -s bash | grep Version
Version: 4.3-7ubuntu1.2
if your bash is patched, you will see no "echo" for 'vulnerable' as bellow;
$
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test
FOR CENTOS
CentOS7 bash-4.2.45-5.el7_0.4 CentOS6 bash-4.1.2-15.el6_5.2 CentOS5 bash-3.2-33.el5_11.4
No comments:
Post a Comment