Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Bash security vulnerabilities-through specially crafted environment variable injection vulnerabilities

2025-01-14 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Bash security vulnerabilities-through specially crafted environment variable injection vulnerabilities

2014-09-25, in the morning, I saw a security breach in bash on the group and on Red Hat's website, so we should upgrade the version of bash as soon as possible.

New version: make sure that you are not allowed to execute a bash function after the end of the command.

Test vulnerabilities:

[root@ ~] # env Xbox'() {:;}; echo vulnerable' bash-c "echo this is a test"

Vulnerable

This is a test

If the above problem occurs, the new bash needs to be updated.

Update bash:

Yum update bash-y

Test for vulnerabilities:

[root@ ~] # env Xbox'() {:;}; echo vulnerable' bash-c "echo this is a test"

Bash: warning: x: ignoring function definition attempt

Bash: error importing function definition for `x'

This is a test

If shown above, the vulnerability has been fixed.

Currently, using bash's multithreaded script, 100 + servers have been updated.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Vulnerabilities updates security vulnerabilities tests variables environments production functions commands such as above servers versions red hats threads websites scripts problems such as out fix vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple macOS Microsoft Linux NVidia Huawei Xiaomi Redmi Docker Shulou Information MySQL OPPO Reno vpn MariaDB Apple Shulou Technology Shulou Tech Info macOS Microsoft Linux NVidia Huawei Xiaomi Redmi Docker Shulou Information MySQL OPPO Reno vpn MariaDB Apple Shulou Technology Shulou Tech Info

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report