Debian Etch patch ShellShock (BashDoor) vulnerability


Generally speaking, if your hosting still runs Debian Etch, it is time to consider moving to a more contemporary OS. Nevertheless, here are the instructions for patching bash on Debian Etch to fix the ShellShock vulnerability:

[cc lang="bash"]
# first find out the version you have so you know what to get for the patches and source files
dpkg-query -l|grep bash
# ii bash 3.2-4 The GNU Bourne Again SHell

# do this in the /usr/src dir
cd /usr/src
wget http://ftp.gnu.org/gnu/bash/bash-3.2.tar.gz
tar zxvf bash-3.2.tar.gz
cd bash-3.2

# fetch all patches, including the latest ones that patch CVE-2014-6271
for i in $(seq -f "%03g" 0 54); do
    wget -nv http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-$i
    patch -p0 < bash32-$i
done

# install yacc
apt-get install bison

# configure, compile and install bash (this will install bash into /usr/local/bin/bash)
./configure && make
make install

# at this point my system is not vulnerable already, test your system
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

# if this is not the case for your system - try the following
# make a symlink from /bin/bash to the new binary
mv /bin/bash /bin/bash.old
ln -s /usr/local/bin/bash /bin/bash

# check that you're not vulnerable anymore with the output of the following
# it should not output the word "vulnerable" anymore
env x='() { :;}; echo vulnerable' bash -c echo

# you can delete the old one that's a problem
rm /bin/bash.old
[/cc]

Based on tannkost instructions for Debian 5 Lenny.
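The check below is an added example, not part of the original post. Because the rebuilt bash lands in /usr/local/bin/bash, a bare `bash -c` test exercises whichever binary comes first in PATH, so this runs the same probe against each binary by absolute path. The function names are illustrative; the three paths are the ones used above.

```shell
#!/bin/sh
# Added example: probe specific bash binaries by absolute path.
# check_bash and audit_bash are illustrative names, not from the post.

# check_bash PATH: print missing | broken | vulnerable | patched.
# Returns 1 for vulnerable or broken, 0 otherwise.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    # Same probe as the article: a function definition in an environment
    # variable followed by a trailing command. A vulnerable bash runs the
    # trailing command while importing the variable.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo probe' 2>/dev/null) || true
    case $out in
        *vulnerable*) echo vulnerable; return 1 ;;
        *probe*)      echo patched;    return 0 ;;
        *)            echo broken;     return 1 ;;  # binary ran but gave no output
    esac
}

# audit_bash PATH...: report every path, return 1 if any needs attention.
audit_bash() {
    rc=0
    for p in "$@"; do
        # Show where a symlink such as /bin/bash really points.
        real=$(readlink -f "$p" 2>/dev/null) || real=$p
        result=$(check_bash "$p") || rc=1
        echo "$p -> $real: $result"
    done
    return $rc
}

# Paths taken from the article: the system shell, the rebuilt binary,
# and the renamed original, which stays vulnerable until it is removed.
audit_bash /bin/bash /usr/local/bin/bash /bin/bash.old ||
    echo "at least one bash binary still needs patching or removal"
```

A `broken` result for /bin/bash after the symlink step means the new build does not run and the old binary should be restored before logging out.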
