BASH Shell Bug(Shellshock:CVE-2014-7169 / CVE-2014-6271) for Solaris 10 檢測及更新

我們的機器是SPARC CPU、Solaris 10 64bit(SunOS 5.10),以下列的指令檢測Bash Shell:
bash-3.2# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

vulnerable
this is a test
出現了vulneralbe,表示Bash Shell存在漏洞 CVE-2014-6271

再依下列的指令檢測:
bash-3.2# env X='() { (a)=>\' bash -c "echo date"; cat echo

bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Tue Sep 30 10:57:35 CST 2014
出現了時間,表示Bash Shell存在漏洞 CVE-2014-7169

因此到Metalink尋找解決的Patch,找到了Patch-ID# 126546-07,並將126546-07.zip下載下來。

不要在Windows 7的機器解壓縮後再上傳,不然有可能會像我出現下列的訊息,無法正確更新

# patchadd /var/spool/patch/126546-07

Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
The following requested patches do not update any packages installed on the system
No Packages from patch 126546-07 are installed on the system.
No patches to dependency check.

直接將126546-07.zip上傳到Solaris的機器上面(例如上傳至/var/spool/patch),再解壓縮如下:
# cd /var/spool/patch
# unzip 126546-07.zip

Archive:  126546-07.zip
   creating: 126546-07/
  inflating: 126546-07/prepatch    
  inflating: 126546-07/patchinfo  
  inflating: 126546-07/postbackout
 (...略)

解完壓縮後,執行更新步驟(我是在C Shell下執行的)
# patchadd /var/spool/patch/126546-07

Validating patches...

Loading patches installed on the system...

Done!

Loading patches requested to install.

Done!

The following requested patches have packages not installed on the system
Package SUNWbashS from directory SUNWbashS in patch 126546-07 is not installed on the system. Changes for package SUNWbashS will not be applied to the system.

Checking patches that you specified for installation.

Done!

Approved patches will be installed in this order:

126546-07

Checking installed patches...
Executing prepatch script...
Installing patch packages...

Patch 126546-07 has been successfully installed.
See /var/sadm/patch/126546-07/log for details
Executing postpatch script...

Patch packages installed:
  SUNWbash
  SUNWsfman


完成更新之後,再重新驗證一次
bash-3.2# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

this is a test
沒有出現vulnerable

bash-3.2# env X='() { (shellshocker)=>\' bash -c "echo date"; cat echo ; rm -f echo

date
cat: cannot open echo
沒有出現日期


32位元
Key:IcxSquDqeWUGZDkLrD61j35mCti72tGFCcfuS5vBnOM

64位元
Key:cAb3LDPmc4NOeT7M2tpgZdroPsIVZG7BwhX_DRQ_3lU