Bash Shellshock fix with scripts for Debian, Ubuntu, CentOS and other distros. including old

First check if your Bash is vulnerable, execute the following command-

env x='() { :;}; echo vulnerable’ bash -c ‘echo this is a test’

If your system is vulnerable, you will see:

vulnerable

this is a test

If your system is not vulnerable, you will see:

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x’

this is a test

To check for the vulnerability CVE-2014-6271, run the following in Bash:

env X='() { (a)=>\’ sh -c “echo date”; cat echo

If your system is vulnerable, you will see:

bash: X: line 1: syntax error near unexpected toke `=’

bash: X: line 1: `’

bash: error importing function for `X’

Sun Sep 08:17:32 EST 2014

If your system is not vulernable, you will see:

date

cat: echo: No such file or directory

To test the vulnerability CVE-2014-7186, run the following in Bash:

bash -c ‘true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF’ || echo “CVE-2014-7186 vulnerable, redir_stack”

If your system is not vulnerable, you will see:

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’)

So, let’s start fixing it!

 

Below, I’ve tried to put various contributors solution to place in a single entry.

For Debian 6 (Squeeze)

 

Append this to your sources.list:

deb http://http.debian.net/debian squeeze-lts main contrib non-free

deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

and then run

apt-get update

apt-get install -t squeeze-lts –only-upgrade bash Continue reading “Bash Shellshock fix with scripts for Debian, Ubuntu, CentOS and other distros. including old” »

Share