Differences

This page shows the differences between the selected revision and the current version of the page.

astuces:bash-fix [30/01/2019 at 16:36] (current version)
jaxom category move
Line 1: Line 1:
  
 +#shellshock fix from sources
 +
 +If like me you maintain Gnu systems that are no longer maintained from the official depositories,
 +thanks to the free software model we are able to solve that issue.
 +
 +Based on: http://readwrite.com/2014/09/26/macs-apple-vulnerable-shellshock-bug-fix-patch
 +
 +Dependencies:
 +  * gcc
 +  * patch
 +  * curl
 +
 +
 +====== Bash 4.3 fix ======
 +
 +<code>
 +# yes you are vulnerable
 +which bash
 +
 +env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"
 +
 +bash --version 
 +cd
 +mkdir -p bash-fix
 +cd bash-fix
 +curl http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz | tar xzvf -
 +cd bash-4.3/
 +# could patch only with the 8 but let's apply all
 +for num in 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26; do 
 +  curl http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-0$num | patch -p0
 +done
 +./configure
 +make
 +
 +# No more vulnerable!
 +env x='() { :;}; echo vulnerable' ./bash -c "echo you are"
 +
 +# replacing buggy binary bash
 +cp -f ./bash /bin/bash
 +env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"
 +</code>
 +
 +====== Bash 2.05b fix ======
 +
 +<code>
 +# yes you are vulnerable
 +which bash
 +
 +env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"
 +
 +bash --version 
 +cd
 +mkdir -p bash-fix
 +cd bash-fix
 +curl http://ftp.gnu.org/gnu/bash/bash-2.05b.tar.gz | tar xzvf -
 +cd bash-2.05b/
 +# could patch only with the 8 but let's apply all
 +for num in 1 2 3 4 5 6 7 8 9; do curl http://ftp.gnu.org/gnu/bash/bash-2.05b-patches/bash205b-00$num | patch -p0 ; done
 +./configure
 +make
 +
 +# No more vulnerable!
 +env x='() { :;}; echo vulnerable' ./bash -c "echo you are"
 +
 +# replacing buggy binary bash
 +cp -f ./bash /bin/bash
 +env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"
 +</code>
 +
 +====== Bash bash-3.2 fix ======
 +
 +<code>
 +# yes you are vulnerable
 +
 +which bash
 +env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"
 +
 +bash --version 
 +cd
 +mkdir -p bash-fix
 +cd bash-fix
 +curl http://ftp.gnu.org/gnu/bash/bash-3.2.48.tar.gz | tar xzvf -
 +cd bash-3.2.48/
 +# could patch only with the 52 but let's apply all
 +for num in 49 50 51 52 53; do curl http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-0$num | patch -p0 ; done
 +./configure
 +make
 +
 +# No more vulnerable
 +env x='() { :;}; echo vulnerable' ./bash -c "echo you are"
 +
 +# replacing buggy binary bash
 +cp -f ./bash /bin/bash
 +env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"
 +</code>
 
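Review bot: In all three blocks the tarball and every patch are fetched over plain `http://` and piped straight into `tar` or `patch` (for example `curl http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz | tar xzvf -`), so nothing checks where the bytes came from before the resulting binary is copied over `/bin/bash`. Download to files with `curl -f` over `https://`, verify each file against the detached `.sig` that ftp.gnu.org publishes beside it with `gpg --verify`, and only then unpack and apply. Two smaller points. The patch ranges are hard-coded (`01` to `26`, `1` to `9`, `49` to `53`) and a failed download or a rejected patch does not stop the loop, so check the patches directory for later entries and abort on the first error before running `make`. `cp -f ./bash /bin/bash` overwrites the shell in place with no backup, so keep a copy of the old binary and put the new one in place by copying it to a temporary name in `/bin` and renaming it with `mv`. The comment `# could patch only with the 8` appears in both the 4.3 and 2.05b blocks without naming the patch file it refers to, and the `env x='() { :;}; echo vulnerable'` check exercises only that one test string, so a clean result from it should be described as such rather than as "No more vulnerable!".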
astuces/bash-fix.txt · Last modified: 30/01/2019 at 16:36 by jaxom