Created
September 26, 2014 16:40
Update bash on old unsupported Debian variants
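#!/bin/sh
# Rebuild bash 3.2 from upstream source with the patches for CVE-2014-6271 and
# CVE-2014-7169 applied, then make /bin/bash point at the rebuilt binary.
# Intended for old Debian variants that no longer receive security updates.
# inspired by http://askubuntu.com/a/528171
#
# Run this as a script file rather than pasting it line by line: with `set -e`
# an interactive shell would exit at the first failing command.
#
# Abort on the first failed download, patch or build step so that /bin/bash is
# never replaced by a missing or partially patched binary.
set -eu

# NOTE(review): every download below is plain HTTP with no integrity check, and
# the result is installed as the system shell. Upstream publishes a detached
# signature (<file>.sig) next to the tarball and each patch on ftp.gnu.org;
# verify them with `gpg --verify` against the bash maintainer's key
# (<MAINTAINER_KEY_FINGERPRINT>, obtained out of band) before building.

# prerequisites
sudo apt-get install bison flex make patch gcc byacc

# get bash 3.2 source
mkdir -p src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-3.2.tar.gz
tar zxvf bash-3.2.tar.gz
cd bash-3.2

# download and apply all patches, including the latest one that patches CVE-2014-6271
# -O pins the local file name so a re-run does not leave bash32-NNN.1 copies
# behind and then apply a stale file.
for i in $(seq -f "%03g" 1 52); do
  wget -nv -O "bash32-$i" "http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-$i"
  patch -p0 < "bash32-$i"
done

# grab a patch that fixes CVE-2014-7169
# NOTE(review): this copy comes from a mailing-list attachment, not the GNU
# mirror. If the upstream patch directory carries the same patch, prefer that
# signed copy, and check the directory for patches numbered above 053.
wget -nv http://seclists.org/oss-sec/2014/q3/att-734/bash32-053.bin -O bash32-053
patch -p0 < bash32-053

# compile and install to /usr/local/bin/bash
./configure
make
sudo make install

# Refuse to switch the system shell unless the rebuilt binary starts and no
# longer executes the trailing command from the CVE-2014-6271 check below.
/usr/local/bin/bash -c 'exit 0'
if env x='() { :;}; echo vulnerable' /usr/local/bin/bash -c : 2>/dev/null |
  grep -q vulnerable; then
  echo "rebuilt bash still fails the CVE-2014-6271 check; /bin/bash left untouched" >&2
  exit 1
fi

# point /bin/bash to the new binary
# Save the original only on the first run: on a re-run /bin/bash is already the
# symlink, and moving it would overwrite the saved binary with that symlink.
if [ ! -L /bin/bash ]; then
  sudo mv /bin/bash /bin/bash.old
fi
sudo ln -sf /usr/local/bin/bash /bin/bash

# NOTE(review): /bin/bash.old is the unpatched binary and stays executable;
# remove it (or strip its execute bits) once the comparison below is done.
# Processes started before the switch keep running the old binary until they
# are restarted.

# test by comparing the output of the following commands CVE-2014-6271
# (the old binary is expected to print "vulnerable"; the new one should not)
env x='() { :;}; echo vulnerable' /bin/bash.old -c echo
env x='() { :;}; echo vulnerable' bash -c echo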