Self-diagnosis and repair of the "broken shell vulnerability" - Vulnerability warning - Black Bar Safety Net

2014-09-27T00:00:00
ID MYHACK58:62201454124
Type myhack58
Reporter Anonymous
Modified 2014-09-27T00:00:00

Description

The Bash vulnerability now getting wide attention, also known as the "broken shell vulnerability", can allow a remote attacker to execute arbitrary code on an affected system, and it can affect multiple system services: Web, ssh, gitlab, DHCP, and so on. The CVE vulnerability database has issued two vulnerability IDs for it: CVE-2014-6271 and CVE-2014-7169. There are two because the first official Bash patch for the vulnerability was incomplete and could be bypassed; that bypass is CVE-2014-7169. The two vulnerabilities are diagnosed with different tests, as follows:

CVE-2014-6271 vulnerability diagnostic test:

Open a terminal, enter env x='() { :;}; echo vulnerable' bash -c 'echo hello' and execute it. If it shows:

[root@localhost ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'

vulnerable

hello

then the vulnerability exists. If it displays:

[root@localhost ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x'
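The CVE-2014-6271 diagnostic above, wrapped as a script so it can be run unattended against one or more bash binaries. This is an added example, not part of the original article; the function names and the result labels (vulnerable, not-vulnerable, unknown) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run the CVE-2014-6271 probe from the article and classify
# what the probed bash prints. It covers CVE-2014-6271 only; "not-vulnerable"
# says nothing about the later bypass, CVE-2014-7169.

# classify_6271 OUTPUT
# OUTPUT is the combined stdout+stderr captured from the probe command.
classify_6271() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        # The text after the function body was executed during import.
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        # bash ran the requested command only; any "ignoring function
        # definition attempt" warning lines are the patch refusing the import.
        echo not-vulnerable
    else
        # Neither marker seen: bash did not run or the output was unexpected.
        echo unknown
    fi
}

# check_bash_6271 [PATH_TO_BASH]
# Runs the probe against one binary (default: the first bash on PATH).
check_bash_6271() {
    bash_bin=${1:-$(command -v bash || true)}
    [ -x "$bash_bin" ] || { echo unknown; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo hello' 2>&1 || true)
    classify_6271 "$out"
}

# scan_bash_binaries PATH...
# Prints one "path: result" line per binary, so that a second copy of bash
# (for example under /usr/local/bin) is not missed after the package update.
scan_bash_binaries() {
    for b in "$@"; do
        printf '%s: %s\n' "$b" "$(check_bash_6271 "$b")"
    done
}
```

For example, scan_bash_binaries /bin/bash /usr/local/bin/bash prints one result line per path.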
