Red Hat's official Bash vulnerability diagnostic method; the 5.2 patch is currently the final version


Source URL: https://access.redhat.com/articles/1200223
Vulnerability detection section of the original text:

Diagnostic Steps


Red Hat Access Labs has provided a script to help confirm if a system is patched against the Shellshock vulnerability. You can also manually test your version of Bash by running the following command:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

If the output of the above command contains a line containing only the word vulnerable you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.
Note that different Bash versions will also print different warnings while executing the above command. The Bash versions without any fix produce the following output:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test

The versions with only the original CVE-2014-6271 fix applied produce the following output:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
bash: error importing function definition for `BASH_FUNC_x()'
test

The versions with additional fixes from RHSA-2014:1306, RHSA-2014:1311 and RHSA-2014:1312 produce the following output:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test

The difference in the output is caused by additional function processing changes explained in the "How does this impact systems" section below.
The fix for CVE-2014-7169 ensures that the system is protected from the file creation issue. To test if your version of Bash is vulnerable to CVE-2014-7169, run the following command:
$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 11:49:58 GMT 2014

If your system is vulnerable, the time and date information will be output on the screen and a file called /tmp/echo will be created.
If your system is not vulnerable, you will see output similar to:
$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory

If your system is vulnerable, you can fix these issues by updating to the most recent version of the Bash package by running the following command:
# yum update bash

A simplified translation of the original text above follows.
Run on a Bash with no vulnerability patch applied:
env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

The output is:
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test

After applying the 5.1 patch and running it again, the result is:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
bash: error importing function definition for `BASH_FUNC_x()'
test

(There are fewer lines: the unexpected token lines are gone.)
After applying the final 5.2 patch and running it again, the result is:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test

With the 5.1 patch applied but the final 5.2 patch not yet applied, run:
cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo

The output is:
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 11:49:58 GMT 2014

After applying the final 5.2 patch, the result is:
date
cat: /tmp/echo: No such file or directory
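
The three output patterns listed above for the first test command can be told apart mechanically, which helps when checking many hosts. The script below is an added example, not part of the Red Hat article or of this post; the function names and result labels are hypothetical, and the sample outputs are the ones quoted on this page.

```shell
# Added example: classify captured output of the page's first diagnostic command.
# Function names and result labels are hypothetical, chosen for this example.

# Reads the command output on stdin and prints one label.
classify_shellshock_output() {
    _out=$(cat)
    if printf '%s\n' "$_out" | grep -qxF 'vulnerable'; then
        echo "unpatched"                 # a line containing only "vulnerable"
    elif printf '%s\n' "$_out" | grep -qF "definition for \`BASH_FUNC_x()'"; then
        echo "cve-2014-6271-fix-only"    # only the original fix is applied
    elif printf '%s\n' "$_out" | grep -qF "definition for \`BASH_FUNC_x'"; then
        echo "additional-fixes-applied"  # RHSA-2014:1306/1311/1312 pattern
    else
        echo "no-vulnerable-line"        # other versions print other warnings
    fi
}

# Sample outputs copied from this page, embedded so the example runs offline.
sample_unpatched() { cat <<'EOF'
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test
EOF
}
sample_first_fix() { cat <<'EOF'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
bash: error importing function definition for `BASH_FUNC_x()'
test
EOF
}
sample_all_fixes() { cat <<'EOF'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test
EOF
}

# Runs the page's command against the local bash and classifies the result.
check_local_bash() {
    env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' \
        bash -c "echo test" 2>&1 | classify_shellshock_output
}

for s in sample_unpatched sample_first_fix sample_all_fixes; do
    printf '%s: %s\n' "$s" "$("$s" | classify_shellshock_output)"
done
```

Call `check_local_bash` to classify the Bash on the current host; the CVE-2014-7169 file creation test still has to be run separately.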