Bash Shell, "Shellshock", Security Bug Fix (Ubuntu, CentOS).
A Linux Server Admin or User?
A recent security vulnerability has been discovered in the GNU Bourne Again Shell (Bash). If you use the Windows operating system, you can stop reading now. :) Otherwise, you will want to patch your Unix-based OS: Ubuntu, CentOS, Fedora and a bunch of other sweet guys.
The vulnerability, dubbed by some as "Shellshock", has reportedly already been exploited in the wild against web servers. The root cause is that bash evaluated function definitions passed in environment variables and kept executing whatever followed the function body, so anything that hands attacker-controlled input to bash through the environment (CGI scripts, for example, export HTTP headers as environment variables) lets the attacker run commands. The first fix turned out to be incomplete, so make sure you install the latest bash package rather than just the first patch.
So here is how to go about not being a victim.
Check the state of your bash:
- Check whether you are vulnerable by running this in your shell:
Command below :
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
A vulnerable system would output:
vulnerable
this is a test
A system with only the first fix applied refuses the function definition and prints a warning instead of running the injected command:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
A fully patched bash (the later patches stopped treating ordinary environment variables as function definitions at all) prints only:
this is a test
Either way, the check passes as long as the word "vulnerable" is not printed.
Fix
- For Ubuntu, run this in your shell:
Command below :
sudo apt-get update && sudo apt-get upgrade
This downloads and installs all available updates, including the patched bash package.
- For CentOS, run this as root:
Command below :
yum update
This updates bash along with any other pending packages. Afterwards, open a new shell and re-run the check above.
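Putting the check and the fix together, here is an added example script (not part of the original protip) that runs the same env/bash -c test against a bash binary, reports the result on one line so it can be collected over ssh from many hosts, and, if the host is vulnerable, prints the update command from the steps above for its distro. It only reports and never runs the package manager itself. The distro mapping assumes the /etc/os-release ID values ubuntu, debian, centos, rhel and fedora; the classification and mapping functions are this example's own names.

```shell
#!/bin/sh
# Added example, not part of the original protip: check whether the bash on
# this host is vulnerable to Shellshock and, if so, print the fix command
# from the steps above. It only reports; it never runs the package manager.

# Classify the output of the test command. "vulnerable" means the command
# smuggled in after the function body was executed; "patched" means bash ran
# only the real command; anything else (bash missing, cannot execute) is
# "unknown" rather than a false "patched".
classify_shellshock_output() {
    case "$1" in
        *vulnerable*)        echo vulnerable ;;
        *"this is a test"*)  echo patched ;;
        *)                   echo unknown ;;
    esac
}

# Run the same test the protip uses against one bash binary
# (default: the first bash in PATH). Exit status 0 only when patched.
check_bash_shellshock() {
    bash_bin=${1:-bash}
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo unknown
        return 2
    fi
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c "echo this is a test" 2>&1)
    result=$(classify_shellshock_output "$out")
    echo "$result"
    [ "$result" = patched ]
}

# Map an /etc/os-release ID to the update command from the steps above.
# Assumed IDs: ubuntu/debian use apt-get, centos/rhel/fedora use yum.
recommended_fix_for() {
    case "$1" in
        ubuntu|debian)       echo "sudo apt-get update && sudo apt-get upgrade" ;;
        centos|rhel|fedora)  echo "yum update" ;;
        *)                   echo "unknown distro: update bash with your package manager" ;;
    esac
}

# One-line report suitable for collecting over ssh from many hosts.
shellshock_report() {
    bash_bin=${1:-bash}
    ver=$("$bash_bin" -c 'echo "$BASH_VERSION"' 2>/dev/null || echo '?')
    status=$(check_bash_shellshock "$bash_bin" || true)
    echo "host=$(uname -n) bash=$bash_bin version=${ver:-?} status=$status"
    if [ "$status" = vulnerable ] && [ -r /etc/os-release ]; then
        distro=$(. /etc/os-release; echo "$ID")
        echo "fix: $(recommended_fix_for "$distro")"
    fi
}

shellshock_report "${1:-bash}"
```

Run it as `sh shellshock-check.sh` (optionally with the path to a specific bash binary, useful if you also carry a copy in /usr/local/bin). If you only want to upgrade bash on Ubuntu rather than everything, `sudo apt-get install --only-upgrade bash` does that.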
Let me know if you have any issues in the comments.
Thanks.
Source: Bash Bug
UPDATE
As @montanaflynn pointed out in the comments, the above solution won't work on older Ubuntu releases whose repositories no longer receive security updates.
Here is the script he added to work around that by building a patched bash 4.3 from the GNU sources. Note that it replaces /bin/bash with whatever it builds, so prefer the distro package where one exists, and verify the downloaded tarball and patches against the .sig files GNU publishes next to them before trusting them.
#!/bin/sh
# Build a patched bash 4.3 from the GNU sources when the distro repositories
# do not carry a fix. Stops on the first error instead of installing a
# half-built bash.
set -e

# The build needs a compiler plus make, patch and wget.
for tool in gcc make patch wget; do
    if ! command -v "$tool" >/dev/null 2>&1; then
        echo "Your system does not have $tool installed."
        echo "Please install it and then run this script again."
        exit 1
    fi
done

echo "Creating tmp folder..."
mkdir -p /tmp/bash
cd /tmp/bash

# Note: this does not check the .sig files GNU publishes next to each
# download; verify them with gpg before trusting the tarball and patches.
echo "Downloading Bash..."
wget -N https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz

# Fetch bash43-001, bash43-002, ... until the server has no more patches.
# The counter must start at 0; an unset $i makes expr misbehave.
echo "Downloading Bash patches..."
i=0
while :; do
    i=$((i + 1))
    if ! wget -N "https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$(printf '%03d' "$i")"; then
        break
    fi
done

echo "Extracting bash from tar.gz..."
tar xzf bash-4.3.tar.gz
cd bash-4.3

# Official bash patches are made against the source root with -p0.
echo "Applying Patches..."
for p in ../bash43-[0-9][0-9][0-9]; do
    patch -p0 < "$p"
done

echo "Ready to install. Configuring..."
./configure --prefix=/
echo "Running make"
make

# Install over /bin/bash, and refresh /usr/local/bin/bash so a copy earlier
# in PATH cannot shadow the patched binary. Use id -u rather than $USER,
# which may be unset or wrong under sudo.
echo "Running make install"
if [ "$(id -u)" -eq 0 ]; then
    make install
    cp /bin/bash /usr/local/bin/bash
else
    sudo make install
    sudo cp /bin/bash /usr/local/bin/bash
fi
echo "----------------------------------------------"
echo "Now open a new bash shell to see if it's still vulnerable."
Copy the content into a file, say file.sh.
Run it as a shell script (sh file.sh); it calls sudo for the install step if you are not root.
Thanks @montanaflynn
Written by Akapo Damilola Francis
4 Responses
Thanks -- tried it on one of my Ubuntu servers.
Once patched, the check result only says "this is a test". It does not show the warning and error message.
@rajivperera That works. As long as the "vulnerable" doesn't echo. :)
For older versions of Ubuntu the apt-get repos won't have the fix. In that case I recommend building from source. Here's a handy-dandy shell script to do it for you:
#!/bin/sh
# Build a patched bash 4.3 from the GNU sources when the distro repositories
# do not carry a fix. Stops on the first error instead of installing a
# half-built bash.
set -e

# The build needs a compiler plus make, patch and wget.
for tool in gcc make patch wget; do
    if ! command -v "$tool" >/dev/null 2>&1; then
        echo "Your system does not have $tool installed."
        echo "Please install it and then run this script again."
        exit 1
    fi
done

echo "Creating tmp folder..."
mkdir -p /tmp/bash
cd /tmp/bash

# Note: this does not check the .sig files GNU publishes next to each
# download; verify them with gpg before trusting the tarball and patches.
echo "Downloading Bash..."
wget -N https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz

# Fetch bash43-001, bash43-002, ... until the server has no more patches.
# The counter must start at 0; an unset $i makes expr misbehave.
echo "Downloading Bash patches..."
i=0
while :; do
    i=$((i + 1))
    if ! wget -N "https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$(printf '%03d' "$i")"; then
        break
    fi
done

echo "Extracting bash from tar.gz..."
tar xzf bash-4.3.tar.gz
cd bash-4.3

# Official bash patches are made against the source root with -p0.
echo "Applying Patches..."
for p in ../bash43-[0-9][0-9][0-9]; do
    patch -p0 < "$p"
done

echo "Ready to install. Configuring..."
./configure --prefix=/
echo "Running make"
make

# Install over /bin/bash, and refresh /usr/local/bin/bash so a copy earlier
# in PATH cannot shadow the patched binary. Use id -u rather than $USER,
# which may be unset or wrong under sudo.
echo "Running make install"
if [ "$(id -u)" -eq 0 ]; then
    make install
    cp /bin/bash /usr/local/bin/bash
else
    sudo make install
    sudo cp /bin/bash /usr/local/bin/bash
fi
echo "----------------------------------------------"
echo "Now open a new bash shell to see if it's still vulnerable."
@montanaflynn Nice!! Adding it to the protip now.