This is only for Apple users running advanced versions of OS X.
Type the following command into your terminal to check whether you are vulnerable to the ShellShock bug.
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If you see the word "vulnerable" printed in your terminal, you are vulnerable (and most probably you will find yourself vulnerable).
Note your bash version - run the following command on your terminal
macbook:~ Abhishek$ bash -version
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
So you need to obtain and recompile bash to fix this.
MAKE SURE YOU HAVE XCODE INSTALLED BEFORE PROCEEDING TO THE NEXT STEP
Copy the following commands and type them into your terminal:
$ mkdir bash-fix
$ cd bash-fix
$ curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
$ cd bash-92/bash-3.2
$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0
$ cd ..
$ sudo xcodebuild
$ sudo cp /bin/bash /bin/bash.old
$ sudo cp /bin/sh /bin/sh.old
$ build/Release/bash --version # GNU bash, version 3.2.53(1)-release
$ build/Release/sh --version # GNU bash, version 3.2.53(1)-release
$ sudo cp build/Release/bash /bin
$ sudo cp build/Release/sh /bin
(Note: you can run this by copy-and-pasting the above code block, going into Terminal and then running
pbpaste | cut -c 2- | sh
Always take care when running random scripts from the internet though ...)
After this, the Bash version should be v3.2.53.
Run the checker command again:
macbook:~ Abhishek$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
"Vulnerable" is gone.
Go to Sleep ....You are safe.. (for now)
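The check used above, wrapped as a script that tests named binaries (for instance build/Release/bash before it is copied into /bin) and reports an exit status. This is an added example, not part of the original post; the script name check.sh and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): run the post's probe against
# specific binaries, e.g. the new build before it is copied into /bin.
# Return codes: 0 = not vulnerable, 1 = vulnerable, 2 = could not test.

# Classify the stdout produced by the probe command.
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        return 1    # the trailing "echo vulnerable" ran during function import
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        return 0    # only the intended command ran
    fi
    return 2        # unexpected output
}

# Run the probe from the post with the given shell binary.
shellshock_check() {
    [ -x "$1" ] || return 2
    # stderr is dropped: the patched 3.2.53 prints its warnings there,
    # as shown in the post's second run of the checker command.
    probe_out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo hello' 2>/dev/null)
    classify_probe_output "$probe_out"
}

# Usage (check.sh is a hypothetical file name):
#   sh check.sh build/Release/bash build/Release/sh /bin/bash /bin/sh
if [ "$#" -gt 0 ]; then
    worst=0
    for bin in "$@"; do
        rc=0
        shellshock_check "$bin" || rc=$?
        case $rc in
            0) echo "$bin: not vulnerable" ;;
            1) echo "$bin: VULNERABLE" ;;
            *) echo "$bin: could not test" ;;
        esac
        [ "$rc" -gt "$worst" ] && worst=$rc
    done
    exit "$worst"
fi
```

The script exits with the worst result seen, so it can gate the final copy into /bin.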