[3-4] Bash Shellshock 취약점

• CVE-2014-6271, CVE-2014-7169
• env x='() { :;}; ' 명령은 함수 형식으로 환경변수를 설정하는 방법이다. (:은 참을 의미)
• 만약, 명령어가 끝나는 ; 뒤에 오는 명령어는 오류가 발생되거나, 실행되지 않는게 원칙이다.
• 취약점이 있는 경우에는 ; 뒤에 오는 명령어가 실행되기 때문에 시스템 자원 접근 및 악의적인 명령을 실행 시킬수 있다.
• Bash Shellshock 취약점을 이용한 Reverse TCP 연결

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

 

[참고] CentOS 5.10 Yum Repo 변경

cat << 'EOF' > /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://linuxsoft.cern.ch/centos-vault/5.11/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates 
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
baseurl=http://linuxsoft.cern.ch/centos-vault/5.11/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=http://linuxsoft.cern.ch/centos-vault/5.11/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
baseurl=http://linuxsoft.cern.ch/centos-vault/5.11/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib&infra=$infra
baseurl=http://linuxsoft.cern.ch/centos-vault/5.11/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF