How to patch BASH Shellshock vulnerability

  25 Sep 2014


First, let’s do a simple check to see whether your system is vulnerable to the Shellshock Bash bug. Log in to your system and run the following command in the terminal:

    env var='() { blah;}; echo you are vulnerable' bash -c /bin/true

If you get:

    bash: warning: var: ignoring function definition attempt
    bash: error importing function definition for `var'

Then, you are mostly ok. Your system is not vulnerable.

But, if you get the message:

    you are vulnerable

Then, you are not ok. Your system is definitely vulnerable to this bug. You must patch your system somehow.

## How to patch?

If you are trying to patch Ubuntu 14.04 LTS, Ubuntu 12.04 LTS or Ubuntu 10.04 LTS, you can just run:

    apt-get update
    apt-get install --only-upgrade bash

If you are on OSX and use Homebrew (which you should), then run:

    brew update
    brew install bash

or use MacPorts:

    sudo port selfupdate
    sudo port upgrade bash

However, you can also compile and patch it yourself. If you want to do this, make sure that you have already installed a build toolchain. If you are on a Debian-based Linux distribution (e.g. Ubuntu, Mint), install build-essential:

    sudo apt-get -y install build-essential

Or, on OSX, ensure you have Xcode with all command-line utilities installed on your machine.

Then, you can either execute each command, like so

or just download the above script and run it with the following commands:

    curl -O https://gist.githubusercontent.com/zdk/4777997bd5fb1dc6577a/raw/compile_and_patch_bash.sh
    chmod +x ./compile_and_patch_bash.sh
    ./compile_and_patch_bash.sh

Finally, do check the result:

    env var="() { blah;}; echo still vulnerable" /bin/bash -c "echo patched"

Hopefully you will get the ‘patched’ message :) Good night, sleep tight, don’t let the BashBug bite.
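
Homebrew and MacPorts install their bash alongside the system /bin/bash instead of replacing it, so each copy on the machine needs its own check. The script below is an added example, not part of the original post or the linked gist; it applies the same probe as above to every path it is given, and the default paths and the function names `check_bash` and `check_all` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): run the article's Shellshock
# probe against every bash binary on the machine, not only the first in PATH.

# Unique marker; it reaches stdout only if bash executes the text that
# follows the function body in the environment variable.
MARKER="shellshock-marker-$$"

# check_bash PATH
# Prints "vulnerable", "patched" or "missing". Returns 1 only when vulnerable.
check_bash() {
    if [ ! -x "$1" ]; then
        echo "missing"
        return 0
    fi
    # Same probe as in the article; stderr is dropped because a patched bash
    # may print "ignoring function definition attempt" warnings there.
    probe_out="$(env var="() { :;}; echo $MARKER" "$1" -c 'true' 2>/dev/null)" || true
    case "$probe_out" in
        *"$MARKER"*) echo "vulnerable"; return 1 ;;
        *)           echo "patched";    return 0 ;;
    esac
}

# check_all PATH...
# Prints one "path: status" line per binary. Returns 1 if any is vulnerable.
check_all() {
    any_vulnerable=0
    for candidate in "$@"; do
        result="$(check_bash "$candidate")" || any_vulnerable=1
        printf '%s: %s\n' "$candidate" "$result"
    done
    return "$any_vulnerable"
}

# With no arguments, check the usual locations. These paths are assumptions:
# system bash, Homebrew's default prefix, and MacPorts' default prefix.
[ "$#" -gt 0 ] || set -- /bin/bash /usr/local/bin/bash /opt/local/bin/bash
check_all "$@"
```

The exit status is 1 when any listed binary still runs the injected command, which makes the script usable in a provisioning or monitoring job.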
