Last Updated: February 25, 2016 · 1.3K · fdamilola

Bash Shell, "Shellshock", Security Bug Fix (Ubuntu, CentOS).

A Linux Server Admin or User?

A recent security vulnerability has been discovered in the GNU Bourne Again Shell (Bash). If you use the Windows operating system, you can stop reading now. :) Otherwise, you might want to patch up your Unix-based OS: Ubuntu, CentOS, Fedora and a bunch of other sweet guys.

The vulnerability, dubbed by some as "Shellshock," has reportedly been found in use by an active exploit against web servers.

So here is how you go about not being a victim.

Check the state of your bash:

  • Check if you are vulnerable by running this in your bash shell:

Command below:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

A vulnerable system would output:

vulnerable
this is a test

A patched system should output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
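As an added example (not part of the original protip), here is a small POSIX sh wrapper around the check above that reports a result per bash binary and returns a non-zero exit code when any copy is still vulnerable, which is handy after a source build installs to /bin/bash and /usr/local/bin/bash while other copies may remain on the box. The list of candidate paths is an assumption.

```shell
#!/bin/sh
# Check one bash binary for the Shellshock function-import bug.
# Prints one of: vulnerable, patched, missing.  Exit code 0 only for patched.
shellshock_check() {
    bin="${1:-bash}"
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo missing
        return 2
    fi
    # Same probe as the protip: an exported variable that looks like a
    # function definition followed by a trailing command.  An unpatched bash
    # runs that trailing command while importing the "function".
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>&1)
    case "$out" in
        *vulnerable*) echo vulnerable; return 1 ;;
        *)            echo patched;    return 0 ;;
    esac
}

# Run the probe against every bash copy found at the usual locations
# (candidate list is an assumption).  Returns 1 if any copy is vulnerable.
check_all_bash() {
    rc=0
    for b in /bin/bash /usr/local/bin/bash /usr/bin/bash; do
        [ -x "$b" ] || continue
        printf '%s: ' "$b"
        shellshock_check "$b" || rc=1
    done
    return $rc
}
```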

Fix

  • For Ubuntu, run this on your Bash:

Command below:

sudo apt-get update && sudo apt-get upgrade

This downloads and installs all updates.

  • For CentOS:

Command below:

yum update

This should update and patch your bash alongside any other updates.

Let me know if you have any issues in the comments.

Thanks.

Source: Bash Bug

UPDATE

As @montanaflynn pointed out in the comments, the above solution wouldn't work for older versions of Ubuntu.

Here is a script he added to work around that:

#!/bin/bash
# Builds bash 4.3 from source with all published upstream patches applied,
# for Ubuntu releases whose apt repositories do not carry the fix.

GCC=$(which gcc)
if [ -z "$GCC" ]; then
    echo "Your system does not have the GNU gcc compiler installed."
    echo "Please install the gcc compiler and then run this script again."
    exit 1
fi

echo "Creating tmp folder..."
cd /tmp || exit 1
mkdir -p bash
cd bash || exit 1
echo "Downloading Bash..."
wget -N https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz || exit 1
echo "Downloading Bash patches..."
# Fetch bash43-001, bash43-002, ... until the server has no more patches.
# i must start at a number; expr on an empty value is a syntax error.
i=0
while true; do
    i=$((i + 1))
    wget -N "https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$(printf '%03d' "$i")" || break
done
echo "Extracting bash from tar.gz..."
tar zxvf bash-4.3.tar.gz
cd bash-4.3 || exit 1
echo "Applying Patches..."
# Patches must be applied in numeric order; the glob expands in that order.
for p in ../bash43-[0-9][0-9][0-9]; do
    patch -p0 < "$p" || exit 1
done

echo "Ready to install. Configuring..."
./configure --prefix=/ || exit 1
echo "Running make"
make || exit 1
echo "Running make install"
# --prefix=/ installs to /bin/bash; a second copy goes to /usr/local/bin/bash.
if [[ "$USER" == "root" ]]; then
    make install
    cp /bin/bash /usr/local/bin/bash
else
    sudo make install
    sudo cp /bin/bash /usr/local/bin/bash
fi

echo "----------------------------------------------"
echo "Now open a new bash shell to see if it's still vulnerable."

Copy the content and paste it into a file, e.g. file.sh.
Run file.sh as a bash script.

Thanks @montanaflynn

4 Responses

Thanks -- tried it on one of my Ubuntu servers.
Once patched, the check result only says "this is a test". It does not show the warning and error message.

over 1 year ago ·

@rajivperera That works. As long as the "vulnerable" doesn't echo. :)

over 1 year ago ·

For older versions of Ubuntu the apt-get repos won't have the fix. In that case I recommend building from source. Here's a handy-dandy shell script to do it for you:

#!/bin/bash
# Builds bash 4.3 from source with all published upstream patches applied,
# for Ubuntu releases whose apt repositories do not carry the fix.

GCC=$(which gcc)
if [ -z "$GCC" ]; then
    echo "Your system does not have the GNU gcc compiler installed."
    echo "Please install the gcc compiler and then run this script again."
    exit 1
fi

echo "Creating tmp folder..."
cd /tmp || exit 1
mkdir -p bash
cd bash || exit 1
echo "Downloading Bash..."
wget -N https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz || exit 1
echo "Downloading Bash patches..."
# Fetch bash43-001, bash43-002, ... until the server has no more patches.
# i must start at a number; expr on an empty value is a syntax error.
i=0
while true; do
    i=$((i + 1))
    wget -N "https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$(printf '%03d' "$i")" || break
done
echo "Extracting bash from tar.gz..."
tar zxvf bash-4.3.tar.gz
cd bash-4.3 || exit 1
echo "Applying Patches..."
# Patches must be applied in numeric order; the glob expands in that order.
for p in ../bash43-[0-9][0-9][0-9]; do
    patch -p0 < "$p" || exit 1
done

echo "Ready to install. Configuring..."
./configure --prefix=/ || exit 1
echo "Running make"
make || exit 1
echo "Running make install"
# --prefix=/ installs to /bin/bash; a second copy goes to /usr/local/bin/bash.
if [[ "$USER" == "root" ]]; then
    make install
    cp /bin/bash /usr/local/bin/bash
else
    sudo make install
    sudo cp /bin/bash /usr/local/bin/bash
fi

echo "----------------------------------------------"
echo "Now open a new bash shell to see if it's still vulnerable."

over 1 year ago ·

@montanaflynn Nice!! Adding it to the protip now.

over 1 year ago ·