
Thread: Shellshock bash vulnerability

  1. #1
    Senior Member

    Shellshock bash vulnerability

    http://www.linuxquestions.org/questi...06#post5244106

    Manual patch instructions for Debian and CentOS.

  2. #2
    Webhead (Senior Member)
    Is this the beginning of the attacks on 'Nix based systems?

  3. #3
    Senior Member
    I think you kind of missed the point.

  4. #4
    Webhead (Senior Member)
    Quote (originally posted by emr):
        I think you kind of missed the point.

    Either that or you didn't make your point clear.

  5. #5
    slgrieb (Senior Member)
    Quote (originally posted by Webhead):
        Either that or you didn't make your point clear.

    I think that "Manual patch instructions for Debian and CentOS." in response to a Linux security issue would be pretty clear.
    Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is...
    WIFFLEBALL!

  6. #6
    Webhead (Senior Member)
    Quote (originally posted by slgrieb):
        I think that "Manual patch instructions for Debian and CentOS." in response to a Linux security issue would be pretty clear.

    Ok. But what else does it affect? Is this limited to just Linux?

  7. #7
    Senior Member
    Anything that runs bash. I posted specific instructions for Debian and CentOS because I look after those systems. Feel free to post for other flavours, like Apple, for instance, which is also vulnerable; however, you pretty much need to be running an internet-facing web server, so that mitigates most OS X installs out there.

  8. #8
    Senior Member
    This script will recompile bash with a patch against shellshock on Debian 5. I still have a few old legacy boxes running it, really must upgrade. From https://dmsimard.com/2014/09/25/the-...-vulnerability

    #!/bin/bash
    # stop at the first failed step so a broken build is never installed
    set -e

    # dependencies
    apt-get update
    apt-get install -y build-essential gettext bison

    # get bash 3.2 source
    # (plain-HTTP download; GNU publishes a .sig next to each file if you want to verify it)
    wget http://ftp.gnu.org/gnu/bash/bash-3.2.tar.gz
    tar zxvf bash-3.2.tar.gz
    cd bash-3.2

    # download and apply all patches, including the latest one that patches CVE-2014-6271
    # Note: CVE-2014-6271 is patched by release 52.
    # Release 53 is not out on the GNU mirror yet - it should address CVE-2014-7169.
    for i in $(seq -f "%03g" 1 52); do
        wget -nv "http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-$i"
        patch -p0 < "bash32-$i"
    done

    # compile and install to /usr/local/bin/bash
    ./configure
    make
    make install

    # make sure the new binary runs before touching the system shell
    /usr/local/bin/bash --version

    # point /bin/bash to the new binary
    mv /bin/bash /bin/bash.old
    ln -s /usr/local/bin/bash /bin/bash
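
A follow-up check for the rebuild in post #8, added here as an example and not part of the thread: it reads the patch level from each bash binary on the box (including the renamed /bin/bash.old, which stays on disk) and compares it with the two 3.2 patch levels the script's comments name, 52 and 53. The function names are illustrative, and the comparison is only meaningful for source builds like this one, since distribution packages backport fixes without changing the reported patch level.

```shell
#!/bin/sh
# Added example, not from the thread. The 3.2 patch levels (52, 53) are the
# ones named in the build script's comments; other series are not judged.

# classify_bash MAJOR MINOR PATCHLEVEL -> prints one status word
classify_bash() {
    case "$3" in ''|*[!0-9]*) echo "unparseable"; return 0 ;; esac
    if [ "$1" != 3 ] || [ "$2" != 2 ]; then
        echo "unknown-series"
    elif [ "$3" -lt 52 ]; then
        echo "needs-CVE-2014-6271-patch"
    elif [ "$3" -eq 52 ]; then
        # 53 is the level the post expects to address CVE-2014-7169
        echo "needs-CVE-2014-7169-patch"
    else
        echo "at-or-above-53"
    fi
}

# bash_version PATH -> prints "MAJOR MINOR PATCHLEVEL" as reported by that binary
bash_version() {
    "$1" -c 'echo "${BASH_VERSINFO[0]} ${BASH_VERSINFO[1]} ${BASH_VERSINFO[2]}"' 2>/dev/null
}

# audit_bash PATH... -> one report line per path; returns 1 if any binary
# that exists is below patch level 53 or cannot be judged
audit_bash() {
    rc=0
    for bin in "$@"; do
        if [ ! -x "$bin" ]; then
            echo "$bin: not present"
            continue
        fi
        ver=$(bash_version "$bin") || ver=""
        # the version triple is split into three arguments on purpose
        status=$(classify_bash $ver)
        echo "$bin: ${ver:-?} $status"
        [ "$status" = "at-or-above-53" ] || rc=1
    done
    return $rc
}

# Runs only when paths are given, e.g.:
#   sh audit.sh /bin/bash /bin/bash.old /usr/local/bin/bash
if [ "$#" -gt 0 ]; then
    audit_bash "$@"
fi
```

A build from the script as posted stops at patch 52, so it reports `needs-CVE-2014-7169-patch` until the loop is rerun with the upper bound raised to 53.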

  9. #9
    Webhead (Senior Member)
    Quote (originally posted by emr):
        Anything that runs bash. I posted specific instructions for Debian and CentOS because I look after those systems. Feel free to post for other flavours, like Apple, for instance, which is also vulnerable; however, you pretty much need to be running an internet-facing web server, so that mitigates most OS X installs out there.

    Right. I had Apple in mind when I posted previously. It just seems like Apple is gaining so much in popularity that maybe the attacks are going to start happening more and more now. And since Apple is basically Linux, then it just makes sense that attacks, exploits, vulnerabilities will start popping up in the mainstream now for all of those things.

    Anyway, I didn't mean to hijack the thread with all this. Basically just throwing out a thought I had about this.

  10. #10
    slgrieb (Senior Member)
    Quote (originally posted by Webhead):
        Right. I had Apple in mind when I posted previously. It just seems like Apple is gaining so much in popularity that maybe the attacks are going to start happening more and more now. And since Apple is basically Linux, then it just makes sense that attacks, exploits, vulnerabilities will start popping up in the mainstream now for all of those things.

        Anyway, I didn't mean to hijack the thread with all this. Basically just throwing out a thought I had about this.

    OS X isn't based on any Linux variant; it's a spin-off of BSD Unix. As for "gaining in popularity": I'd say Android is eating Apple for a snack.
