Criticical BASH vulnerability discovered – update BASH on your CentOS7

[rprasad@vm ~]$ sudo env x='() { :;}; echo vulnerable' bash -c "echo this is a test"         //Run following command to check. If it outputs vulnerable then our bash is vulnerable
vulnerable
this is a test
[rprasad@vm ~]$sudo su -                                               //Become root
[root@vm ~]# yum clean all && yum update bash
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up everything
Loaded plugins: fastestmirror
base                                                     | 3.6 kB     00:00
extras                                                   | 3.4 kB     00:00
updates                                                  | 3.4 kB     00:00
(1/4): base/7/x86_64/group_gz                              | 154 kB   00:00
(2/4): extras/7/x86_64/primary_db                          |  41 kB   00:00
(3/4): updates/7/x86_64/primary_db                         | 956 kB   00:01
(4/4): base/7/x86_64/primary_db                            | 5.1 MB   00:03
Determining fastest mirrors
 * base: mirror.upsi.edu.my
 * extras: mirror.upsi.edu.my
 * updates: mirror.upsi.edu.my
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.2.45-5.el7 will be updated
---> Package bash.x86_64 0:4.2.46-12.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch             Version                   Repository      Size
================================================================================
Updating:
 bash           x86_64           4.2.46-12.el7             base           1.0 M

Transaction Summary
================================================================================
Upgrade  1 Package

Total download size: 1.0 M
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
bash-4.2.46-12.el7.x86_64.rpm                              | 1.0 MB   00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : bash-4.2.46-12.el7.x86_64                                    1/2
  Cleanup    : bash-4.2.45-5.el7.x86_64                                     2/2
  Verifying  : bash-4.2.46-12.el7.x86_64                                    1/2
  Verifying  : bash-4.2.45-5.el7.x86_64                                     2/2

Updated:
  bash.x86_64 0:4.2.46-12.el7

Complete!
[root@vm ~]#
[root@vm ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"                  //Run again command to check
this is a test
[root@vm ~]#

Ref: Centos Blog

Comments

Post a Comment

Popular posts from this blog

Xmanager RHEL 6 xclock :command not found -- Resolved

Image
1) If your system is entitled to Red Hat support (or if it's a CentOS machine), just yum install xorg-x11-apps. other usefull yum(1) commands: yum provides '*/xclock' yum grouplist yum groupinstall 'X Window System' Ref: http://serverfault.com/questions/206961/xwindows-on-red-hat-linux 2)check /etc/ssh/sshd_config:- #X11Forwarding no X11Forwarding yes                          <---Make sure this is not commented #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no 3)Make Xmanage run in Passive mode 4) Putty Settings :- 5) Here's the output of the screen:
Read more

Racktable on ubuntu installation

Racktable dependency packages :- rajeshp@ubuntu01:~$sudo apt-get install apache2 apache2.2-common libapache2-mod-php5 \ php5-snmp php5-ldap php5 php5-common php5-gd curl php5-mysql \ mysql-client mysql-common mysql-server \ Add user for Racktable:- rajeshp@ubuntu01:~$sudo useradd -u 4000 -g users -s /sbin/nologin -c "RackTables User" -md /home/racktables racktables MYSQL for Racktables :- mysql> create database racktables; mysql> grant all on racktables.* to root; mysql> grant all on racktables.* to root@localhost; mysql> grant all on racktables.* to rackuser; mysql> grant all on racktables.* to rackuser@localhost; mysql> grant all on racktables.* to 'rackuser'@'localhost' identified by 'rackpw'; mysql> exit chown www-data:www-data secret.php; chmod 400 secret.php
Read more

RPM Tit-Bits ;-)

The -U qualifier is used for updating an RPM to the latest version, the -h qualifier gives a list of hash # characters during the installation and the -v qualifier prints verbose status messages while the command is run. Here is an example of a typical RPM installation command to install the MySQL server package: [root@localhost rajesh]# rpm -Uvh mysql-server-5.1.52-1.el6_0.1.x86_64 Preparing...        ####################### [100%]   1:mysql-server   ####################### [100%] Installing Source RPMs :- Compiling and installing source RPMs with Fedora can be done simply with the rpmbuild command [root@localhost rajesh]# rpmbuild --rebuild filename123.src.rpm [root@localhost rajesh]# rpm -qi openssh Name        : openssh                      Relocations: (not relocatable) Version...
Read more