UID1
性别保密
注册时间2013-7-10
最后登录1970-1-1
回帖0
在线时间 小时
精华
SB
威望
随币
 成长值: 50580
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?立即注册
x
<p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;"><strong>Bash爆出远程解析命令执行漏洞(CVE-2014-6271),波及各大Linux发行版与MacOSX系统。漏洞可以直接在Bash支持的Web CGI环境下远程执行任意命令。</strong><a href="http://www.freebuf.com/news/44805.html" target="_blank" title="" data_ue_src="http://www.freebuf.com/news/44805.html" style="color: rgb(247, 150, 70);">传送门</a><span style="color: rgb(51, 51, 51); font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 21px; background-color: rgb(242, 242, 242);"></span></p><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;">bash注入公开之后根据官方的文档发现,攻击者只要保持</p><pre class="prettyprint lang-html prettyprinted" style="padding: 8px; background-color: rgb(247, 247, 249); border: 1px solid rgb(225, 225, 232); white-space: pre-wrap; word-break: break-all; color: rgb(102, 102, 102); font-size: 13px; line-height: 24px;"><span class="pln" style="color: rgb(72, 72, 76);">$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"</span></pre><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;">中前四个字符不改变,也就是'(){ 固定,后面的:;}中符合规定的语法就可以进行攻击测试。虽然漏洞的影响非常大,但是相比于‘Openssl’来说,利用的环境是有限的。</p><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px; text-align: center;">
</p><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;"><strong>防御bash注入的方法,首先需要更新bash,yum update下就OK了,更新到bash-4.1.2-15,或者是添加mod_security:</strong></p><pre class="prettyprint lang-html prettyprinted" style="padding: 8px; background-color: rgb(247, 247, 249); border: 1px solid rgb(225, 225, 232); white-space: pre-wrap; word-break: break-all; color: rgb(102, 102, 102); font-size: 13px; line-height: 24px;"><span class="pln" style="color: rgb(72, 72, 76);">[ Request Header values:
SecRule REQUEST_HEADERS "^\(\) {" "phase:1,deny,id:1000000,t:urlDecode,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
SERVER_PROTOCOL values:
SecRule REQUEST_LINE "\(\) {" "phase:1,deny,id:1000001,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
GET/POST names:
SecRule ARGS_NAMES "^\(\) {" "phase:2,deny,id:1000002,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
GET/POST values:
SecRule ARGS "^\(\) {" "phase:2,deny,id:1000003,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
File names for uploads:
SecRule FILES_NAMES "^\(\) {" "phase:2,deny,id:1000004,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Att ]</span></pre><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;"><strong>虽然有人给出了在iptable中添加规则,但是觉得在iptable中添加规则会规定的太死,不过也可以去尝试下</strong></p><pre class="prettyprint lang-html prettyprinted" style="padding: 8px; background-color: rgb(247, 247, 249); border: 1px solid rgb(225, 225, 232); white-space: pre-wrap; word-break: break-all; color: rgb(102, 102, 102); font-size: 13px; line-height: 24px;"><span class="pln" style="color: rgb(72, 72, 76);">[ iptables --append INPUT -m string --algo kmp --hex-string '|28 29 20 7B|' --jump DROP
iptables using -m string --hex-string '|28 29 20 7B|' ]</span></pre><div><span class="pln" style="color: rgb(72, 72, 76);"><br></span></div> |
|
发表于 2014-9-25 18:49