正确的VF-V-014-Linux 远程命令漏洞修补方法

1、项目中用到RedHat5.6服务器，前段时间外界爆出VF-V-014-Linux bash远程命令执行漏洞。按照客户要求 升级补丁，先按照网上教的方法进行：

2、但是测试结果都与预期结果不符合，不能确认该漏洞已经被修补，只是打完相关补丁后 不影响我们项目基本消息流程。预期结果：env 旌忭檀挢x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' 如果显示上述信息，则不受影响。

3、实际测试结果：补丁升级前：[root@test228 ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"vulnerablethis is a test

4、补丁升级后：（注意 在RH5.6下是两个rpm包更新 在RH6.4下是三个RPM包需要更新）[root@test228 ~]垆杪屑丝# rpm -Uvh bash-3.2-33.el5_11.4.x86_64.rpm warning: bash-3.2-33.el5_11.4.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186Preparing... ########################################### [100%] 1:bash ########################################### [100%][root@test228 ~]# [root@test228 ~]# rpm -Uvh bash-debuginfo-3.2-33.el5_11.4.x86_64.rpm warning: bash-debuginfo-3.2-33.el5_11.4.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186Preparing... ########################################### [100%] 1:bash-debuginfo ########################################### [100%][root@test228 ~]#

5、最终结果：[root@test228 ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"this is a test只是少了一行vulnerable

6、正确验证方法：在红帽官网找到了测试脚本，可以测试出结果：chmod +x shellshock-test.sh./shellshock-test.sh

7、升级前：[root@test228 ~]# ./shellshock-test.shThis system is vulnerable to CVE-2014-6271 <https://access.redhat.com/security/cve/CVE-2014-6271>This system is vulnerable to CVE-2014-7169 <https://access.redhat.com/security/cve/CVE-2014-7169>Please run 'yum update bash'. If you are using satellite or custom repos you need to update the channel with the latest bash version first before running 'yum update bash'. Please refer to 'https://access.redhat.com/articles/1200223' for more information

8、升级后：[root@test228 ~]#./shellshock-test.shThis system is safe from CVE-2014-6271 <https://access.redhat.com/security/cve/CVE-2014-6271>This system is safe from CVE-2014-7169 <https://access.redhat.com/security/cve/CVE-2014-7169>

9、按照官网所说，这个9月26日的补丁并没有完全彻底的解决问题。但是，目前这个是最新的补丁，也只能这样了。等待后续再发布新补丁吧。如果扫描仍然有漏洞，只能与客户解释一下。