{"id":410,"date":"2014-09-25T08:20:06","date_gmt":"2014-09-25T07:20:06","guid":{"rendered":"http:\/\/prodhostingsrbija.net\/blog\/?p=410"},"modified":"2014-09-25T08:41:21","modified_gmt":"2014-09-25T07:41:21","slug":"apdejt-svih-servera-nakon-objave-remote-exploit-a-bash-skripti-bash-cve-2014-6271","status":"publish","type":"post","link":"https:\/\/prodhostingsrbija.net\/blog\/apdejt-svih-servera-nakon-objave-remote-exploit-a-bash-skripti-bash-cve-2014-6271\/","title":{"rendered":"Update of all servers following disclosure of the remote exploit in Bash scripts [bash CVE-2014-6271]"},"content":{"rendered":"<p><strong>Dear customers,<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Following last night's disclosure of a major shell vulnerability, published at:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"http:\/\/www.csoonline.com\/article\/2687265\/application-security\/remote-exploit-in-bash-cve-2014-6271.html\">http:\/\/www.csoonline.com\/article\/2687265\/application-security\/remote-exploit-in-bash-cve-2014-6271.html<\/a><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Today we will urgently patch all servers to protect them against unauthorized access and hacking.<\/strong><\/p>\n<p><strong>Servers may run slowly at some point during the day, for a maximum of 15 minutes.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<h2 style=\"font-size: 19px; font-family: Overpass, 'Liberation Sans', 'Trebuchet MS', 'Bitstream Vera Sans', helvetica, verdana, arial, sans-serif;\">Diagnostics (for VPS users)<\/h2>\n<p style=\"font-family: 'Liberation Sans', 'Trebuchet MS', 'Bitstream Vera Sans', helvetica, verdana, arial, sans-serif;\">To test your Bash shell, run the following command:<\/p>\n<pre style=\"font-family: 'Liberation Sans', 'Luxi Sans', 'Trebuchet MS', 'Bitstream Vera Sans', helvetica, verdana, arial, sans-serif;\">$ env x='() { :;}; echo vulnerable'  bash -c \"echo this is a test\"<\/pre>\n<p style=\"font-family: 'Liberation Sans', 'Trebuchet MS', 'Bitstream Vera Sans', helvetica, verdana, arial, 
sans-serif;\">If the output looks like this:<\/p>\n<pre style=\"font-family: 'Liberation Sans', 'Luxi Sans', 'Trebuchet MS', 'Bitstream Vera Sans', helvetica, verdana, arial, sans-serif;\">vulnerable\r\nthis is a test<\/pre>\n<p style=\"font-family: 'Liberation Sans', 'Trebuchet MS', 'Bitstream Vera Sans', helvetica, verdana, arial, sans-serif;\">then you are running a vulnerable version of bash on your server. Run yum update immediately and reboot your VPS server.<\/p>\n<p style=\"font-family: 'Liberation Sans', 'Trebuchet MS', 'Bitstream Vera Sans', helvetica, verdana, arial, sans-serif;\">After the system reboots, run the diagnostic command again; you should get the following output:<\/p>\n<pre style=\"font-family: 'Liberation Sans', 'Luxi Sans', 'Trebuchet MS', 'Bitstream Vera Sans', helvetica, verdana, arial, sans-serif;\">$ env x='() { :;}; echo vulnerable'  bash -c \"echo this is a test\"\r\nbash: warning: x: ignoring function definition attempt\r\nbash: error importing function definition for `x'\r\nthis is a test<\/pre>\n<p>Your system is now completely secure.<\/p>\n<p><strong>Kind regards,<\/strong><\/p>\n<p><strong>ProdHostingNET System Administrator team.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dear customers, &nbsp; Following last night's disclosure of a major shell vulnerability, published at: &nbsp; http:\/\/www.csoonline.com\/article\/2687265\/application-security\/remote-exploit-in-bash-cve-2014-6271.html &nbsp; Today we will urgently patch all servers to protect them against unauthorized access and hacking. Servers may run slowly at some point during the day, for a maximum of 15 minutes. 
&nbsp; Diagnostics (for VPS users) To test your Bash shell, run the following command: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[305,304,302,303,301],"_links":{"self":[{"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/posts\/410"}],"collection":[{"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/comments?post=410"}],"version-history":[{"count":3,"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/posts\/410\/revisions"}],"predecessor-version":[{"id":413,"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/posts\/410\/revisions\/413"}],"wp:attachment":[{"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/media?parent=410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/categories?post=410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prodhostingsrbija.net\/blog\/wp-json\/wp\/v2\/tags?post=410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}