How to check and upgrade Bash on FreeBSD - related to the Shellshock bug

Notice: this page is a Chinese-English parallel translation of a popular Stack Overflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must likewise follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original Stack Overflow URL: http://stackoverflow.com/questions/26041877/

Time: 2020-09-18 11:24:42  Source: igfitidea

Tags: bash, shell, freebsd, shellshock-bash-bug

Asked by Django Fett

I read the article A Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271) this morning when I came into work. I have updated Bash on most of my systems that I am responsible for, however, I was asked to upgrade Bash on a couple of FreeBSD servers.

How do I check which version of Bash is running on FreeBSD and how do I patch it to get rid of this exploit?

Answered by Michael Le Barbier Grünewald

You can verify the installed version of bash with

pkg info bash

The patched version of bash is already in the ports tree; you can therefore upgrade it like any application.

Once bash has been rebuilt by the package build farm, you can upgrade bash as you would upgrade any package, with

pkg upgrade bash

If you are not familiar with pkg, you should read the appropriate chapter in the Handbook.

Important note. At the time of writing it seems that the package is not yet available, so here is the manual procedure to build your own package from sources:

1. Be sure to upgrade your ports tree before trying to upgrade.

2. Move your shell to the ports directory and build

cd /usr/ports/shells/bash
make BATCH=yes build

3. Replace the old bash with

make BATCH=yes deinstall
make BATCH=yes reinstall

Answered by zerodiff

From this Ask Ubuntu answer, a command to check this is:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you get vulnerable, it's still vulnerable.

This should work with Bash on any system to test the vulnerability, AFAIK. I've tested on SUSE and Red Hat Linux, but they're not BSDs. To check the version, it should be similar to other systems:

$ echo $BASH_VERSION
4.3.11(1)-release
$ bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

See the FreeBSD forums for more information on downloading/installing the patch. From that link:

Everything before 4.3.25 is vulnerable, 4.3.25 should contain the fix.
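
A defender-side audit that combines the checks from both answers, as an added example that is not part of the original posts: it runs the probe quoted above against each bash binary it finds and compares BASH_VERSION with the 4.3.25 threshold from the forum quote. The function names and the candidate paths are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original answers): audit bash for CVE-2014-6271.
# FIXED is the threshold from the forum quote; the paths at the bottom are assumed.
FIXED="4.3.25"

# triplet "4.3.11(1)-release" -> "4 3 11" (prints nothing if unparsable)
triplet() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p'
}

# version_lt A B: status 0 if A < B, 1 if A >= B, 2 if either is unparsable
version_lt() {
    set -- $(triplet "$1") $(triplet "$2")
    [ "$#" -eq 6 ] || return 2
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return; fi
    [ "$3" -lt "$6" ]
}

# probe BIN: status 0 if BIN runs the command that trails the function
# definition in the environment variable (the test from the answer above)
probe() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c ':' 2>/dev/null)
    [ "$out" = "vulnerable" ]
}

# audit BIN...: one report line per existing binary; status 1 if any probe fires
audit() {
    rc=0
    for b in "$@"; do
        [ -x "$b" ] || continue
        ver=$("$b" -c 'echo "$BASH_VERSION"' 2>/dev/null)
        if probe "$b"; then
            state="VULNERABLE (probe fired)"; rc=1
        else
            version_lt "$ver" "$FIXED" && vs=0 || vs=$?
            case $vs in
                0) state="probe clean, version below $FIXED: confirm patch level" ;;
                1) state="ok" ;;
                *) state="probe clean, version not recognised" ;;
            esac
        fi
        printf '%s\t%s\t%s\n' "$b" "${ver:-unknown}" "$state"
    done
    return "$rc"
}

audit /usr/local/bin/bash /bin/bash /usr/bin/bash || echo "run: pkg upgrade bash" >&2
```

A clean probe with a version below the threshold usually means a vendor backport, so confirm it against the package's own changelog rather than the version string.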
