"CVE-2014-6271 쉘쇼크 Bash 취약점 조치"의 두 판 사이의 차이

2020년 11월 2일 (월) 00:40 판

✔️ CentOS 5 + bash 3.2, CentOS 6 + bash 4.1.2, CentOS 7 + bash 4.2.45에서 테스트하였습니다.

1 개요

shellshock
[CVE-2014-6271] GNU Bash 원격코드 인젝션 취약점 확인 및 조치
2014년 9월 Bourne Again Shell(Bash) 취약점 보안 업데이트
쉘쇼크, 셸쇼크, 쉘쇼크 해결방법, 조치방법

CentOS 6: bash-4.1.2-15.el6_4.x86_64 → bash-4.1.2-15.el6_5.2.x86_64
CentOS 7: bash-4.2.45-5.el7.x86_64 → bash-4.2.45-5.el7_0.4.x86_64

2 확인방법

<syntaxhighlight lang='bash'> env x='() { :;}; echo vulnerable' bash -c "echo this is a test" </source> <syntaxhighlight lang='bash'> rm -f echo; env X='() { (a)=>\' sh -c "echo date"; cat echo </source> <syntaxhighlight lang='bash'> (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno" </source>

3 확인 1 (취약)

<syntaxhighlight lang='console'> [root@zetawiki ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test </source>

→ echo vulnerable이 수행되었으므로 취약함

<syntaxhighlight lang='console'> [root@zetawiki ~]# rm -f echo; env X='() { (a)=>\' sh -c "echo date"; cat echo sh: X: line 1: syntax error near unexpected token `=' sh: X: line 1: `' sh: error importing function definition for `X' Sun Feb 15 18:41:31 KST 2015 </source>

→ date 명령어가 실행되고 echo 파일이 생성되었으므로 취약함

<syntaxhighlight lang='console'> [root@zetawiki ~]# (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || > echo "CVE-2014-7187 vulnerable, word_lineno" bash: line 129: syntax error near `x129' bash: line 129: `for x129 in ; do :' CVE-2014-7187 vulnerable, word_lineno </source>

→ echo ... 명령어가 수행되었으므로 취약함

4 Bash 버전 확인

Bash 버전 확인 문서를 참고하십시오.

<syntaxhighlight lang='console'> [root@zetawiki ~]# rpm -qa | grep bash bash-3.2-32.el5 </source> <syntaxhighlight lang='console'> [root@zetawiki ~]# rpm -qa | grep bash bash-4.1.2-15.el6_4.x86_64 </source>

5 Bash 업데이트

<syntaxhighlight lang='console'> [root@zetawiki ~]# yum update bash ... (생략)

5.1 ====================================================

Package    Arch         Version               Repository  Size

5.2 ====================================================

Updating:

bash       x86_64       4.1.2-29.el6          base       907 k

Transaction Summary

5.3 ====================================================

Upgrade 1 Package(s)

Total download size: 907 k Is this ok [y/N]: y </source> <syntaxhighlight lang='console'> ... (생략) Updated:

 bash.x86_64 0:4.1.2-29.el6

Complete! </source>

6 확인 2 (안전)

<syntaxhighlight lang='console'> [root@zetawiki ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test" this is a test </source> <syntaxhighlight lang='console'> [root@zetawiki ~]# rm -f echo; env X='() { (a)=>\' sh -c "echo date"; cat echo date cat: echo: No such file or directory </source> <syntaxhighlight lang='console'> [root@zetawiki ~]# (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || > echo "CVE-2014-7187 vulnerable, word_lineno" </source>

7 같이 보기

8 참고

@@ 10번째 줄: / 10번째 줄: @@
 ==확인방법==
-<source lang='bash'>
+<syntaxhighlight lang='bash'>
 env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
 </source>
-<source lang='bash'>
+<syntaxhighlight lang='bash'>
 rm -f echo; env X='() { (a)=>\' sh -c "echo date"; cat echo
 </source>
-<source lang='bash'>
+<syntaxhighlight lang='bash'>
 (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
 echo "CVE-2014-7187 vulnerable, word_lineno"
@@ 22번째 줄: / 22번째 줄: @@
 ==확인 1 (취약)==
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
 vulnerable
@@ 28번째 줄: / 28번째 줄: @@
 </source>
 :→ <code>echo vulnerable</code>이 수행되었으므로 취약함
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# rm -f echo; env X='() { (a)=>\' sh -c "echo date"; cat echo
 sh: X: line 1: syntax error near unexpected token `='
@@ 36번째 줄: / 36번째 줄: @@
 </source>
 :→ date 명령어가 실행되고 echo 파일이 생성되었으므로 취약함
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
 > echo "CVE-2014-7187 vulnerable, word_lineno"
@@ 47번째 줄: / 47번째 줄: @@
 ==Bash 버전 확인==
 {{참고|Bash 버전 확인}}
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# rpm -qa | grep bash
 bash-3.2-32.el5
 </source>
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# rpm -qa | grep bash
 bash-4.1.2-15.el6_4.x86_64
@@ 57번째 줄: / 57번째 줄: @@
 ==Bash 업데이트==
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# yum update bash
 ... (생략)
@@ 73번째 줄: / 73번째 줄: @@
 Is this ok [y/N]: y
 </source>
-<source lang='console'>
+<syntaxhighlight lang='console'>
 ... (생략)
 Updated:
@@ 82번째 줄: / 82번째 줄: @@
 ==확인 2 (안전)==
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
 this is a test
 </source>
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# rm -f echo; env X='() { (a)=>\' sh -c "echo date"; cat echo
 date
 cat: echo: No such file or directory
 </source>
-<source lang='console'>
+<syntaxhighlight lang='console'>
 [root@zetawiki ~]# (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
 > echo "CVE-2014-7187 vulnerable, word_lineno"