Shellshock Bash Vulnerability

Shellshock is a vulnerability that has been discovered in Bash, which you are likely to know as the command line interface that you use to manage your Linux server through SSH. On a compromised system, hackers can utilise the Shellshock exploit to run malicious commands that can be used to give them full control of an affected server. These servers can then be grouped together to create botnets that can be used for DDoS attacks amongst other things; the data on affected servers can also be compromised.

Shellshock is a serious bug that lies at the very heart of all Unix-based systems including all Linux distributions and Mac OS X. If you have a Linux-based eNlight virtual machine, Linux VPS, or Linux dedicated server, then you should take immediate action in order to protect your server.

So you’re probably wondering, ‘how do I know if my server’s vulnerable?’ Well, it’s quite a simple process. First, you need to log in to your Linux server through SSH. In the command line, run the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If this command outputs the following:

vulnerable
this is a test

Then you are using a vulnerable version of Bash. The easiest way to patch the vulnerability is to upgrade to the latest version of Bash, which can be done by running 'yum upgrade bash' via SSH. If you re-run the vulnerability test shown above once the upgrade is complete, you should receive the following output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Then you can be sure that your Linux server is patched and will no longer be vulnerable to attack through the Shellshock exploit.
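The check described above, wrapped as a script (an added example, not part of the original article): it runs the same probe against a chosen bash binary and classifies what comes back. The function names and verdict words are assumptions of this example; a patched Bash may also print only "this is a test" without the two warning lines, which the script still treats as patched.

```shell
#!/bin/sh
# Added example (not from the original article): run the article's probe
# against a chosen bash binary and classify what it prints.

# Read probe output on stdin; print vulnerable, patched or inconclusive.
classify_probe_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        # The command placed after the function body was executed on import.
        echo vulnerable
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        # Only the intended command ran. The "bash:" warning lines may or
        # may not be present; they do not change the verdict.
        echo patched
    else
        # Neither marker line: the binary did not run the probe at all.
        echo inconclusive
    fi
}

# check_bash PATH: run the probe from the article against the binary at PATH.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo inconclusive
        return 0
    fi
    env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>&1 |
        classify_probe_output
}

# With arguments, check each listed binary; otherwise check bash from PATH.
if [ "$#" -eq 0 ]; then
    default_bash=$(command -v bash || true)
    if [ -n "$default_bash" ]; then
        set -- "$default_bash"
    fi
fi
for b in "$@"; do
    printf '%s: %s\n' "$b" "$(check_bash "$b")"
done
```

Pass explicit paths as arguments to cover every copy of Bash on the server, since upgrading the packaged binary does not touch copies installed elsewhere.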

If you want more information on Shellshock or need help with patching your server, please do not hesitate to contact our 24×7 support team.

Translated from: https://www.eukhost.com/blog/webhosting/shellshock-bash-vulnerability/
