Methods of repairing potential bash vulnerabilities on RedHat systems

Time: 2020-11-13

Bash is the software used to control the command prompt on Linux computers. Network security experts say hackers can take full control of a target computer system by exploiting a security vulnerability in bash.

Dan Guido, chief executive of Trail of Bits, a network security company, points out: “Compared with Heartbleed, the latter only allows hackers to spy on computers, but does not allow hackers to gain control of computers.”

“The way to exploit bash vulnerabilities is much simpler, you can cut and paste a line of software code, and you can get good results,” he said.

Guido also said he was considering disconnecting his company’s non-essential servers to protect them from the bash vulnerability until he was able to fix it.

Tod Beardsley, project manager of Rapid7, a network security company, warned that the bash vulnerability was rated 10, which means that it has the greatest impact, while the difficulty of exploiting it is rated “low”, which means that hackers can easily use it to launch network attacks.

“By exploiting this vulnerability, an attacker could take over the entire operating system of the computer, gain access to confidential information, make changes to the system, and so on,” he said. “Anyone’s computer system, if using bash software, needs to be patched immediately.”

Well… Let’s take a look at the fix method on the RedHat system:
1. Confirm whether the vulnerability exists:

# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

2. Repair method:
If it is a RedHat or CentOS system, directly execute the following command:

yum -y update bash

Then re-run the test command above. If the output is as follows, the update has taken effect:

# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

this is a test

The latest bash version is:

# rpm -qa bash

bash-4.1.2-15.el6_5.2.x86_64

For more version information, please refer to RedHat official website: https://rhn.redhat.com/errata/RHSA-2014-1306.html

3. Security enhancement:
For the accounts that run PHP or other web service applications, change the default login shell to nologin. For example, in /etc/passwd:

www:x:80:80::/home/www:/sbin/nologin
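
A check for step 3, as an added example that is not part of the original article: it reads a passwd-format file and reports the named service accounts whose login shell is not nologin or false. The function names, the account names apache, nginx and php-fpm, and every sample entry other than www are constructed for illustration.

```shell
#!/bin/sh
# Added example: report service accounts whose login shell is still interactive.
# Usage: audit_shells PASSWD_FILE ACCOUNT...

audit_shells() {
    passwd_file=$1
    shift
    awk -F: -v wanted="$*" '
        BEGIN {
            n = split(wanted, names, " ")
            for (i = 1; i <= n; i++) want[names[i]] = 1
        }
        # Skip comments and malformed lines (a passwd entry has 7 fields).
        /^#/ || NF != 7 { next }
        ($1 in want) {
            seen[$1] = 1
            shell = $7
            # nologin and false both refuse an interactive session.
            if (shell ~ /\/(nologin|false)$/) next
            # passwd(5): an empty shell field falls back to /bin/sh.
            if (shell == "") shell = "(empty, defaults to /bin/sh)"
            printf "%s uid=%s shell=%s\n", $1, $3, shell
        }
        END {
            # Accounts that were asked about but are not in the file.
            for (i = 1; i <= n; i++)
                if (!(names[i] in seen)) printf "%s not-found\n", names[i]
        }
    ' "$passwd_file"
}

# Constructed sample data; only the www entry comes from the article.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www:x:80:80::/home/www:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
nginx:x:498:498::/var/lib/nginx:
EOF
}

# Demo run against the sample; on a real host pass /etc/passwd instead.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_shells "$tmp" www apache nginx php-fpm
rm -f "$tmp"
```

A nologin shell only stops interactive logins for the account; it complements the bash update in step 2 rather than replacing it.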