
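Linux Bash Vulnerability: Detection and Patching

A new security vulnerability has been discovered in Bash, a widely used piece of Linux software. The threat it poses to computer users may be greater than that of the "Heartbleed" vulnerability discovered in April this year. Hackers can exploit the Bash vulnerability to take full control of a target system and execute arbitrary code.

【Detecting the Bash vulnerability】
Detection command: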

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

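If the output is as shown above, then unfortunately the security patch must be applied immediately.

【Recommended fix】

Special note: this fix will not have any impact.

Choose the command to run according to your Linux distribution and version: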

centos: 
yum -y update bash 
 
ubuntu: 
14.04 64bit 
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_amd64.deb && dpkg -i bash_4.3-7ubuntu1.1_amd64.deb 
 
14.04 32bit 
wget http://mirrors.aliyun.com/fix_stuff/bash_4.3-7ubuntu1.1_i386.deb && dpkg -i  bash_4.3-7ubuntu1.1_i386.deb 
 
 
12.04 64bit 
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_amd64.deb && dpkg -i  bash_4.2-2ubuntu2.2_amd64.deb 
 
12.04 32bit 
wget http://mirrors.aliyun.com/fix_stuff/bash_4.2-2ubuntu2.2_i386.deb && dpkg -i  bash_4.2-2ubuntu2.2_i386.deb 
 
10.× 64bit 
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_amd64.deb && dpkg -i bash_4.1-2ubuntu3.1_amd64.deb 
 
10.× 32bit 
wget http://mirrors.aliyun.com/fix_stuff/bash_4.1-2ubuntu3.1_i386.deb && dpkg -i bash_4.1-2ubuntu3.1_i386.deb 
 
 
debian: 
7.5 64bit && 32bit 
apt-get -y install --only-upgrade bash 
 
6.0.x 64bit 
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_amd64.deb &&  dpkg -i bash_4.1-3+deb6u1_amd64.deb 
 
6.0.x 32bit 
wget http://mirrors.aliyun.com/debian/pool/main/b/bash/bash_4.1-3%2bdeb6u1_i386.deb &&  dpkg -i bash_4.1-3+deb6u1_i386.deb 
 
opensuse: 
13.1 64bit 
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.x86_64.rpm && rpm -Uvh bash-4.2-68.4.1.x86_64.rpm 
 
 
13.1 32bit 
wget http://mirrors.aliyun.com/fix_stuff/bash-4.2-68.4.1.i586.rpm && rpm -Uvh bash-4.2-68.4.1.i586.rpm 
 
aliyun linux: 
5.x 64bit 
wget http://mirrors.aliyun.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm && rpm -Uvh bash-3.2-33.el5.1.x86_64.rpm 
 
5.x 32bit 
wget http://mirrors.aliyun.com/centos/5/updates/i386/RPMS/bash-3.2-33.el5.1.i386.rpm && rpm -Uvh bash-3.2-33.el5.1.i386.rpm

【Testing after the patch】
After upgrading bash, run the test:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If the output is as shown above, the vulnerability has been patched.
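The two outcomes of the test above can be told apart automatically. The script below is an added example, not part of the original post: it runs the page's test command against each bash binary found in a few common locations and classifies the output (the function names and the path list are assumptions).

```shell
#!/bin/sh
# Added example: classify the output of the test command shown on this page.
# It covers only that one test.

# classify_output TEXT -> prints VULNERABLE, NOT_VULNERABLE or UNKNOWN
classify_output() {
    # A line consisting solely of "vulnerable" means the text placed after
    # the function body in the variable was executed when bash imported it.
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo VULNERABLE
    # The test string without "vulnerable": the trailing text was not run.
    # Newer bash builds print no warning at all, only "this is a test".
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo NOT_VULNERABLE
    else
        echo UNKNOWN
    fi
}

# check_bash [PATH] -> run the page's test against one bash binary
check_bash() {
    bash_bin=${1:-/bin/bash}
    if [ ! -x "$bash_bin" ]; then
        echo UNKNOWN
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c "echo this is a test" 2>&1) || true
    classify_output "$out"
}

# check_all -> one "path result" line per bash found (assumed path list)
check_all() {
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        if [ -x "$b" ]; then
            printf '%s %s\n' "$b" "$(check_bash "$b")"
        fi
    done
}

# Constructed samples: the "before" and "after" outputs shown on this page
SAMPLE_BEFORE='vulnerable
this is a test'
SAMPLE_AFTER="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'
this is a test"

check_all
```

Any path reported as VULNERABLE still needs the update for its distribution from the list above; a bash installed outside the package manager (for example under /usr/local) is not replaced by yum, apt-get, dpkg or rpm.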

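I have been buying a house recently and was busy getting a pile of certificates issued, so the blog went without updates for a short while.

This error was passed on to me yesterday by a customer, on behalf of one of their sister organizations; my thanks to the customer for their trust. It is a production system, and 110,000 rows of data had been lost at the time. After I finished recovering them remotely, the customer's engineer ran into 12537 during debugging, accompanied by Linux Error 29. When we spoke on the phone, my initial judgement was that there was a loop in the network, and after some checking the problem did indeed turn out to be in the Oracle network setup.

First, I confirmed the Oracle listener error, shown below: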

[oracle@localhost ~]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 03-SEP-2014 17:09:56

Copyright (c) 1991, 2009, Oracle. All rights reserved.

Starting /opt/ora11g/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNS-12537: TNS:connection closed
TNS-12560: TNS:protocol adapter error
TNS-00507: Connection closed
Linux Error: 29: Illegal seek

The Oracle DB alert log reports the following errors:

Wed Sep 03 17:08:01 2014
Exception [type: SIGSEGV, Address not mapped to object] [ADDR:0x0] [PC:0x2F518C2, nttaddr2bnd()+2158] [flags: 0x0, count: 1]
Errors in file /opt/ora11g/diag/rdbms/jcls/JCLS/trace/JCLS_d000_7563.trc  (incident=9683):
ORA-07445: exception encountered: core dump [nttaddr2bnd()+2158] [SIGSEGV] [ADDR:0x0] [PC:0x2F518C2] [Address not mapped to object] []

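Given the information above, proper troubleshooting would call for further analysis of the trace file. But from the standpoint of clearing the fault and restoring production quickly, the customer's urgency had reached a fairly nerve-racking level, so I went by my own judgement and checked the few places where a network loop could arise. First, the IP settings, as follows:

Contents of the hosts file:

[oracle@localhost ~]$ 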
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
8.0.1.152   localhost

Contents of the network file:

[oracle@localhost ~]$ 
NETWORKING=yes
HOSTNAME=localhost

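Checking along my own line of thinking, I found where the problem was: the hostname localhost conflicts. I also tentatively suspect that the 07445 memory error in the alert log above is related to this network loop.

When you run ping localhost, you find that the reply packets come from the IP address 127.0.0.1, and this is where the problem lies. What should really happen is that the reply packets come from the IP 8.0.1.152. The main cause here is an incorrect hostname setting.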

[oracle@localhost ~]$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.030 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.030 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.040 ms
64 bytes from localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.032 ms
64 bytes from localhost (127.0.0.1): icmp_seq=7 ttl=64 time=0.030 ms

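The fix here is to change the hostname that corresponds to the IP 8.0.1.152 to a proper hostname of its own (for example oradbhost01), then change the hostname in the network file, update the in-memory hostname with the hostname command, restart the network, change the hostname used by the listener and restart the listener. This resolves the problem.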

TNS-12537 Linux Error: 29: Illegal seek