-1

What seems to be wrong with my code below? I'm downloading and patching up to patch 18 which I understand is the patch for shellchock vulnerability. But I still get the vulnerability when running Bash.

Download source and patches

wget http://ftp.gnu.org/gnu/bash/bash-3.1.tar.gz
wget http://ftp.gnu.org/gnu/bash/bash-3.1-patches/bash31-00{1..9} http://ftp.gnu.org/gnu/bash/bash-3.1-patches/bash31-0{10..18}

Unpack and apply patches

tar -xvf bash-3.1.tar.gz
cd bash-3.1
find ../bash31-??? -exec /bin/sh -c 'patch -p0 <{}' \;

(Asside: the find command above just happens to return a sorted list because of shell globbing, but I know this is not always true for the find find)

Config, Make, Make Install

./configure --prefix /tmp/bash_patched && make && make install

Run bash

/tmp/bash_patched/bin/bash

The following should return /tmp/bash_patched/bin/bash 3.1.18(1)-release

echo $BASH $BASH_VERSION

Do the shellshock test

env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"

For me this returns

busted
stuff
bwDraco
  • 46,683
Adam Terrey
  • 209

3 Answers3

1

The issue is in the test /bin/sh remains vulnerable on the system until installing at the root. A better test would be env X="() { :;} ; echo busted" /tmp/bash_patched/bin/bash -c "echo stuff"

Adam Terrey
  • 209
0

The shellshock patches are actualy 19 and 20. The wget is not downloading those. Haven't tested it yet but changing the second command to 

wget http://ftp.gnu.org/gnu/bash/bash-3.1-patches/bash31-00{1..9} http://ftp.gnu.org/gnu/bash/bash-3.1-patches/bash31-0{10..19} http://ftp.gnu.org/gnu/bash/bash-3.1-patches/bash31-020

should make it work

Dobromir Velev
  • 1
0

Did you try looking at the script described in Super User question 816787? It worked like a champ for my Ubuntu machines, about 15 min per server including VMware snapshots, with no reboot required.

JanFrazini
  • 21