Fixing the bash vulnerability on Ubuntu 12.04 64-bit

Early yesterday morning I saw several groups discussing the bash vulnerability, and it sounded scary, but from what I read online the fix the upstream had published earlier also seemed to have problems, so I held off patching the production servers. In the evening I received an email from Aliyun giving a fix method; Aliyun is still trustworthy. Following the method from the forum I first patched one of my virtual machines, did a quick test with no problems, and then patched all the production servers.

To test for the vulnerability, run the following command in a shell (for an explanation of this command, see the blog post by 知道创宇 (Knownsec)):

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"


If it prints the following, the system is vulnerable:
vulnerable
this is a test


The fix procedure is as follows. Note that the package is fetched over plain HTTP and dpkg -i performs no verification of its own, so compare the .deb against the checksum Ubuntu publishes for that version (or install it with apt-get from the official repositories) before installing it:

root@TEST-A:~# env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 
vulnerable
this is a test
root@TEST-A:~# wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb
--2014-09-26 11:46:54--  http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 115.28.122.210, 112.124.140.210
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|115.28.122.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 641198 (626K) [application/octet-stream]
Saving to: `bash_4.2-2ubuntu2.2_amd64.deb'

100%[================================================================================================================================>] 641,198     1.96M/s   in 0.3s    

2014-09-26 11:46:55 (1.96 MB/s) - `bash_4.2-2ubuntu2.2_amd64.deb' saved [641198/641198]

root@TEST-A:~# dpkg -i  bash_4.2-2ubuntu2.2_amd64.deb 
(Reading database ... 53200 files and directories currently installed.)
Preparing to replace bash 4.2-2ubuntu2 (using bash_4.2-2ubuntu2.2_amd64.deb) ...
Unpacking replacement bash ...
Setting up bash (4.2-2ubuntu2.2) ...
update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode.
Processing triggers for man-db ...
root@TEST-A:~# env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test


If you have many servers, a configuration-management tool such as SaltStack makes this much more convenient.

Update 2014-09-26

Yesterday's fix can still be bypassed; Aliyun's fix method has been updated, and on Ubuntu the following steps are needed.
Vulnerability check command:

env -i  X='() { (a)=>\' bash -c 'echo date'; cat echo

Output before the fix: the current system time. Output after applying the patch: date (note: if the output contains the string date, the fix succeeded).
My own before-and-after comparison:
Before the fix

localhost:cescwu$ env -i  X='() { (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Fri Sep 26 20:41:44 CST 2014

After the fix

localhost:cescwu$ env -i X='() { (a)=>\' bash -c 'echo date'; cat echo 
bash: X: line 1: syntax error near unexpected token `=' 
bash: X: line 1: `' 
bash: error importing function definition for `X' 
date
Fri Sep 26 20:41:46 CST 2014
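Because the first patch turned out to be incomplete, it is worth running both of the checks on this page together, and re-running them after every bash update, rather than trusting a single manual test. The script below is an added example written for this page; it is not part of the original post or of Aliyun's fix. It wraps the two test commands shown above so that each one reports "patched" or "vulnerable", runs the second test in a scratch directory so the leaked `echo` file never lands in your working directory, and exits non-zero if either check fails, which makes it easy to push out with SaltStack or a similar tool and collect the results. The CVE numbers in the comments are my own labelling of the two public test strings (CVE-2014-6271 for the first, CVE-2014-7169 for the second), and the `BASH_BIN` variable is an assumption of this example, not something from the post.

```sh
#!/bin/sh
# Added example, not part of the original post or of Aliyun's fix: run both
# Shellshock test strings shown on this page against one bash binary and
# report "patched" or "vulnerable" per test, exiting 1 if either fails.
#
# Assumptions (mine, not the post's): the two tests are the public checks for
# CVE-2014-6271 and CVE-2014-7169 respectively; BASH_BIN selects the binary
# to test and defaults to whatever "bash" resolves to on PATH.

BASH_BIN="${BASH_BIN:-bash}"

# Test 1 (same command as the post): a vulnerable bash executes the trailing
# "echo vulnerable" while importing the function definition stored in x.
run_test_6271() {
    env x='() { :;}; echo vulnerable' "$BASH_BIN" -c 'echo this is a test' 2>/dev/null
}

# Classify test 1 output: vulnerable if the word "vulnerable" was echoed.
classify_6271() {
    case "$1" in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# Test 2 (same command as the post, run in a scratch directory): on a bash
# carrying only the first patch, the dangling ">\" redirect survives the
# parse error and is applied to the next command, so 'echo date' runs as
# 'date > echo' and a file named "echo" holding the current time appears in
# the working directory. The file's existence is the signal; the scratch
# directory keeps it out of the caller's cwd and is removed afterwards.
run_test_7169() {
    tmp=$(mktemp -d) || return 2
    (
        cd "$tmp" || exit 2
        env -i X='() { (a)=>\' "$BASH_BIN" -c 'echo date' 2>/dev/null
        if [ -f echo ]; then
            printf 'FILE_CREATED:'
            cat echo
        fi
    )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Classify test 2 output: vulnerable if the leaked redirect created the file.
classify_7169() {
    case "$1" in
        *FILE_CREATED:*) echo vulnerable ;;
        *)               echo patched ;;
    esac
}

# Run both tests, print one line per test, return 1 if anything is vulnerable
# and 2 if the requested bash binary cannot be found.
shellshock_report() {
    command -v "$BASH_BIN" >/dev/null 2>&1 || {
        echo "cannot find bash binary: $BASH_BIN" >&2
        return 2
    }
    r1=$(classify_6271 "$(run_test_6271)")
    r2=$(classify_7169 "$(run_test_7169)")
    echo "$BASH_BIN CVE-2014-6271 (function import): $r1"
    echo "$BASH_BIN CVE-2014-7169 (redirect leak):   $r2"
    [ "$r1" = patched ] && [ "$r2" = patched ]
}

shellshock_report "$@"
```

Run it as `BASH_BIN=/bin/bash sh shellshock_check.sh` on each host; a non-zero exit status means at least one test still shows the vulnerable behaviour, so after installing a new bash package re-run it rather than assuming the first test passing is enough, which is exactly the gap the update above describes.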