myhack58 | Anonymous | MYHACK58:62201454156
Sep 28, 2014 - 12:00 a.m.

Bash code injection security vulnerability - vulnerability warning - the black bar safety net

www.myhack58.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.976 High
Percentile: 100.0%

Many people probably still have a vivid memory of the “Heartbleed” bug, the security incident from the first half of the year. In the last two days another “destruction-level” vulnerability has appeared: the Bash security vulnerability. It was discovered by the French GNU/Linux enthusiast Stéphane Chazelas. Subsequently the US computer emergency response center (US-CERT), Red Hat and a number of companies working in security issued warnings on Wednesday (September 24). Details of the vulnerability can be found in the two vulnerability disclosures in the US government's computer security database: CVE-2014-6271 and [CVE-2014-7169](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169).

This vulnerability is actually a very classic “injection attack”: it allows a command to be injected into bash. The vulnerability exists in bash versions 1.14 through 4.3. Let us first look at the symptoms of this security issue.

Shellshock (CVE-2014-6271)

The following is a simple test:

$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If running the above command in your bash produces the following output, your bash is vulnerable:

Bash is vulnerable!
Bash Test

Put simply, what happens is that a piece of code, echo Bash is vulnerable!, is injected through the environment variable. I will explain the principle behind it later.
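
The test above wrapped as a reusable check with explicit exit codes, as an added example that is not part of the original article. The marker string and the helper names classify_output and check_bash are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the article's CVE-2014-6271 test as a scriptable check.
# Exit codes: 0 = vulnerable, 1 = not vulnerable, 2 = inconclusive.

# Constructed marker; replaces the article's "Bash is vulnerable!" text so
# the result can be matched unambiguously in captured output.
MARKER="SHELLSHOCK_MARKER_6271"

# classify_output (hypothetical helper): decide from the captured output
# whether the command placed after the function body was executed.
classify_output() {
    case "$1" in
        *"$MARKER"*)   echo "vulnerable";     return 0 ;;
        *"Bash Test"*) echo "not vulnerable"; return 1 ;;
        *)             echo "inconclusive";   return 2 ;;
    esac
}

# check_bash (hypothetical helper): run the article's test against one bash
# binary, given as a name on PATH or a full path (default: bash).
check_bash() {
    bin="${1:-bash}"
    # A missing binary must not be reported as "not vulnerable".
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "inconclusive"
        return 2
    fi
    # Same shape as the article's test: a function definition in VAR
    # followed by a harmless echo of the marker.
    out=$(env VAR="() { :;}; echo $MARKER" "$bin" -c "echo Bash Test" 2>/dev/null)
    classify_output "$out"
}

# Stand-alone run: check the bash named on the command line, or bash on PATH.
check_bash "${1:-bash}" || true
```

Pass the path of each bash binary on the host (for example a second copy under /usr/local/bin) to check them one by one.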

Soon afterwards, the official patch for CVE-2014-6271 was released: Bash-4.3 Official Patch 2 of 5
