设为首页收藏本站

安而遇随-随遇而安

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
查看: 1832|回复: 0

最新Bash漏洞修补初级方案

[复制链接]

 成长值: 50900

发表于 2014-9-25 18:49 | 显示全部楼层 |阅读模式

马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

您需要 登录 才可以下载或查看,没有账号?立即注册

x
<p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;"><strong>Bash爆出远程解析命令执行漏洞(CVE-2014-6271),波及各大Linux发行版与MacOSX系统。漏洞可以直接在Bash支持的Web CGI环境下远程执行任意命令。</strong><a href="http://www.freebuf.com/news/44805.html" target="_blank" title="" data_ue_src="http://www.freebuf.com/news/44805.html" style="color: rgb(247, 150, 70);">传送门</a><span style="color: rgb(51, 51, 51); font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 21px; background-color: rgb(242, 242, 242);"></span></p><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;">bash注入公开之后根据官方的文档发现,攻击者只要保持</p><pre class="prettyprint lang-html prettyprinted" style="padding: 8px; background-color: rgb(247, 247, 249); border: 1px solid rgb(225, 225, 232); white-space: pre-wrap; word-break: break-all; color: rgb(102, 102, 102); font-size: 13px; line-height: 24px;"><span class="pln" style="color: rgb(72, 72, 76);">$&nbsp;env&nbsp;x='()&nbsp;{&nbsp;:;};&nbsp;echo&nbsp;vulnerable'&nbsp;bash&nbsp;-c&nbsp;"echo&nbsp;this&nbsp;is&nbsp;a&nbsp;test"</span></pre><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;">中前四个字符不改变,也就是'(){ 固定,后面的:;}中符合规定的语法就可以进行攻击测试。虽然漏洞的影响非常大,但是相比于‘Openssl’来说,利用的环境是有限的。</p><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px; text-align: center;"> 14116339411918.jpg </p><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;"><strong>防御bash注入的方法,首先需要更新bash,yum update下就OK了,更新到bash-4.1.2-15,或者是添加mod_security:</strong></p><pre class="prettyprint lang-html prettyprinted" style="padding: 8px; background-color: rgb(247, 247, 249); border: 1px solid rgb(225, 225, 232); white-space: pre-wrap; word-break: break-all; color: rgb(102, 102, 102); font-size: 13px; line-height: 24px;"><span class="pln" style="color: rgb(72, 72, 76);">[&nbsp;&nbsp;&nbsp;Request&nbsp;Header&nbsp;values:
SecRule&nbsp;REQUEST_HEADERS&nbsp;"^\(\)&nbsp;{"&nbsp;"phase:1,deny,id:1000000,t:urlDecode,status:400,log,msg:'CVE-2014-6271&nbsp;-&nbsp;Bash&nbsp;Attack'"
SERVER_PROTOCOL&nbsp;values:
SecRule&nbsp;REQUEST_LINE&nbsp;"\(\)&nbsp;{"&nbsp;"phase:1,deny,id:1000001,status:400,log,msg:'CVE-2014-6271&nbsp;-&nbsp;Bash&nbsp;Attack'"
GET/POST&nbsp;names:
SecRule&nbsp;ARGS_NAMES&nbsp;"^\(\)&nbsp;{"&nbsp;"phase:2,deny,id:1000002,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271&nbsp;-&nbsp;Bash&nbsp;Attack'"
GET/POST&nbsp;values:
SecRule&nbsp;ARGS&nbsp;"^\(\)&nbsp;{"&nbsp;"phase:2,deny,id:1000003,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271&nbsp;-&nbsp;Bash&nbsp;Attack'"
File&nbsp;names&nbsp;for&nbsp;uploads:
SecRule&nbsp;&nbsp;FILES_NAMES&nbsp;"^\(\)&nbsp;{"&nbsp;&nbsp;"phase:2,deny,id:1000004,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271&nbsp;&nbsp;-&nbsp;Bash&nbsp;Att&nbsp;&nbsp;&nbsp;&nbsp;]</span></pre><p style="padding-top: 6px; padding-bottom: 4px; overflow: hidden; color: rgb(102, 102, 102); font-family: 微软雅黑, 'Microsoft YaHei', 'WenQuanYi Micro Hei'; font-size: 13px; line-height: 24px;"><strong>虽然有人给出了在iptable中添加规则,但是觉得在iptable中添加规则会规定的太死,不过也可以去尝试下</strong></p><pre class="prettyprint lang-html prettyprinted" style="padding: 8px; background-color: rgb(247, 247, 249); border: 1px solid rgb(225, 225, 232); white-space: pre-wrap; word-break: break-all; color: rgb(102, 102, 102); font-size: 13px; line-height: 24px;"><span class="pln" style="color: rgb(72, 72, 76);">[&nbsp;&nbsp;iptables&nbsp;--append&nbsp;INPUT&nbsp;-m&nbsp;string&nbsp;--algo&nbsp;kmp&nbsp;--hex-string&nbsp;'|28&nbsp;29&nbsp;20&nbsp;7B|'&nbsp;--jump&nbsp;DROP
iptables&nbsp;using&nbsp;-m&nbsp;string&nbsp;--hex-string&nbsp;'|28&nbsp;29&nbsp;20&nbsp;7B|'&nbsp;&nbsp;&nbsp;&nbsp;]</span></pre><div><span class="pln" style="color: rgb(72, 72, 76);"><br></span></div>
随遇而安
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

快速回复 返回顶部 返回列表