#shellshock fix from sources

If like me you maintain Gnu systems that are no longer maintained from the official depositories, thanks to the free software model we are able to solve that issue.

Based on: http://readwrite.com/2014/09/26/macs-apple-vulnerable-shellshock-bug-fix-patch

Dependencies:

  • gcc
  • patch
  • curl

Bash 4.3 fix

# yes you are vulnerable
which bash

env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"

bash --version 
cd
mkdir -p bash-fix
cd bash-fix
curl http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz | tar xzvf -
cd bash-4.3/
# could patch only with the 8 but let's apply all
for num in 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26; do 
  curl http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-0$num | patch -p0
done
./configure
make

# No more vulnerable!
env x='() { :;}; echo vulnerable' ./bash -c "echo you are"

# replacing buggy binary bash
cp -f ./bash /bin/bash
env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"

Bash 2.05b fix

# yes you are vulnerable
which bash

env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"

bash --version 
cd
mkdir -p bash-fix
cd bash-fix
curl http://ftp.gnu.org/gnu/bash/bash-2.05b.tar.gz | tar xzvf -
cd bash-2.05b/
# could patch only with the 8 but let's apply all
for num in 1 2 3 4 5 6 7 8 9; do curl http://ftp.gnu.org/gnu/bash/bash-2.05b-patches/bash205b-00$num | patch -p0 ; done
./configure
make

# No more vulnerable!
env x='() { :;}; echo vulnerable' ./bash -c "echo you are"

# replacing buggy binary bash
cp -f ./bash /bin/bash
env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"

Bash bash-3.2 fix

# yes you are vulnerable

which bash
env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"

bash --version 
cd
mkdir -p bash-fix
cd bash-fix
curl http://ftp.gnu.org/gnu/bash/bash-3.2.48.tar.gz | tar xzvf -
cd bash-3.2.48/
# could patch only with the 52 but let's apply all
for num in 49 50 51 52 53; do curl http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-0$num | patch -p0 ; done
./configure
make

# No more vulnerable
env x='() { :;}; echo vulnerable' ./bash -c "echo you are"

# replacing buggy binary bash
cp -f ./bash /bin/bash
env x='() { :;}; echo vulnerable' /bin/bash -c "echo you are"
 
bash-fix.txt · Dernière modification: Le 29/09/2014 à 09:49 par gilles_lamiral     Haut de page
Recent changes RSS feed Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Design by Chirripó