The Shellshock Bash Bug

Last updated on 
The Shellshock Bash Bug

Uhhhh - it's scary times!
Luckily Steve Jenkins did a master piece on patching Bash and here it is :)

steps

1: vulnerable?

First you should definitely test to see if you are at all vulnerable
You test it like this:

test 1
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

if you see 'vulnerable' in the output - skip right to step 2! Otherwise keep testing

test 2
cd /tmp; env X='() { (a)=>\' bash -c "echo date"; cat echo

if you see 'date' and nothing else in the output - you in the green and run test 3!

test 3
env -i X=' () { }; echo hello' bash -c 'date'

if you see 'hello' - skip to step 2!

test 4
bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

if you see vulnerable - skip to step 2!

test 5
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"

if you see don't see 'vulnerable' - you're green!

2: Prepare for patching

Make a copy of bash by giving this command:

sudo cp `which bash` ~/bash-unpatched-copy

Determine version by

bash --version

Setup patching environment

mkdir /usr/local/src/bashfix
cd /usr/local/src/bashfix

Get tools

sudo yum install patch byacc bison autoconf

Download Bash source

wget https://ftp.gnu.org/pub/gnu/bash/bash-4.2.tar.gz
tar zxvf bash-4.2.tar.gz
cd bash-4.2
3: Get patches

Get the patches and apply them by downloading this script, make it executable and edit it to reflect the Bash version, and the number of patched

wget https://gist.githubusercontent.com/stevejenkins/3d64d3543060c1bcac92/raw/1ab592f5c8b584e9a0debf8e2ccbcac50cbf6e73/bash-multipatch.sh

Finally apply the patches with

./bash-multipatch.sh
4: Build new Bash

Keep an eye on that monitor – but if everything looks dandy you go build that bash with

./configure
make

Does that even prove to fly - better throw that new bash in place with

sudo cp -f bash /bin/bash
5: Test again

Test like before - and when green all the way - read on here!