Ubuntu手动打补丁
测试当前bash是否有漏洞:
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
对于Ubuntu 12.04和14.04,可以运行一下命令打上补丁:
sudo apt-get update && sudo apt-get install
对于不被支持的系统,可以手动打上补丁:
How to update bash on Ubuntu 10.10 Maverick - fix shellshock
Ubuntu 10.10 Maverick is now past the end-of-life / end-of-support phase so it will no longer be getting any updates, including security updates. To update / patch bash you must do so from source. Here are the commands to download the source for bash and build and install it:
mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
for i in $(seq -f "%03g" 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i ; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
for i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done
./configure && make && make install
cd ..
cd ..
rm -r src
Testing Bash for Shellshock
Paste this into a terminal
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Desired Result
✘
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
If you get something like the above message you're good