How to check for the Shellshock bash vulnerability on Linux and fix it

Shellshock is easily detected and easily fixed. I did this this morning on my Parrot Security box.

First off, run this command from a bash prompt:

┌─[root@parrot]─[/home/hytekblue]
└──╼ #env VAR='() { :;}; echo bash is bad' bash -c "echo bash is good"

If you get both lines of output, like so, then you have an unpatched system:
bash is bad
bash is good

If you are running a Debian-based system, simply update bash as follows:

┌─[root@parrot]─[/home/hytekblue]
└──╼ #apt-get update && apt-get install --only-upgrade bash

or sudo apt-get update && sudo apt-get install --only-upgrade bash

or sudo apt-get update && sudo apt-get install bash

Once done, rerun the test and check that you only get "bash is good":
┌─[root@parrot]─[/home/hytekblue]
└──╼ #env VAR='() { :;}; echo bash is bad' bash -c "echo bash is good"

bash is good

When you only see "bash is good", you are done.

For my FreeBSD brothers, you simply need to update your ports tree.

# portsnap fetch
# portsnap update
# cd /usr/ports/shells/bash
# make
# make reinstall

And if you want to build bash from source with the appropriate patches, here is a brief how-to:

(Note: if you are on a *BSD box, you will probably have to install wget before you can proceed.)

mkdir ~/bashsrc
cd ~/bashsrc

wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-001
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-002
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-003
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-004
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-005
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-006
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-007
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-008
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-009
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-010
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-011
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-012
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-013
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-014
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-015
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-016
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-017
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-018
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-019
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-020
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-021
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-022
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-023
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-024
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-029
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-030
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
tar zxvf bash-4.3.tar.gz
cd bash-4.3

patch -p0 < ../bash43-001
patch -p0 < ../bash43-002
patch -p0 < ../bash43-003
patch -p0 < ../bash43-004
patch -p0 < ../bash43-005
patch -p0 < ../bash43-006
patch -p0 < ../bash43-007
patch -p0 < ../bash43-008
patch -p0 < ../bash43-009
patch -p0 < ../bash43-010
patch -p0 < ../bash43-011
patch -p0 < ../bash43-012
patch -p0 < ../bash43-013
patch -p0 < ../bash43-014
patch -p0 < ../bash43-015
patch -p0 < ../bash43-016
patch -p0 < ../bash43-017
patch -p0 < ../bash43-018
patch -p0 < ../bash43-019
patch -p0 < ../bash43-020
patch -p0 < ../bash43-021
patch -p0 < ../bash43-022
patch -p0 < ../bash43-023
patch -p0 < ../bash43-024
patch -p0 < ../bash43-025
patch -p0 < ../bash43-026
patch -p0 < ../bash43-027
patch -p0 < ../bash43-028
patch -p0 < ../bash43-029
patch -p0 < ../bash43-030

./configure
make
sudo make install

Once you have it built and installed, you can run "bash --version" to verify the version:

bash-4.3# bash --version
GNU bash, version 4.3.27
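
The probe above only tests whichever bash comes first on PATH, and a source build installed with the default ./configure prefix lands in /usr/local/bin, leaving the distribution's /bin/bash untouched. The script below is an added example, not part of the original post: it runs the same probe against every bash binary found on PATH and in /etc/shells (the function names and the marker string are this example's own).

```shell
#!/bin/sh
# Added example (not from the original post). Function names and MARKER are this
# example's own; the probe itself is the one-liner used in the article.
MARKER="SHELLSHOCK_PROBE_HIT"

# check_bash BIN: prints "vulnerable", "patched" or "error" for one binary.
check_bash() {
    bin=$1
    [ -f "$bin" ] && [ -x "$bin" ] || { echo error; return 0; }
    # Function-style value with a trailing command, passed through the environment.
    out=$(env VAR="() { :;}; echo $MARKER" "$bin" -c 'echo probe-done' 2>/dev/null) || true
    case $out in
        *"$MARKER"*)  echo vulnerable ;;  # trailing command ran during import
        *probe-done*) echo patched ;;     # only the requested command ran
        *)            echo error ;;       # binary did not behave like a shell
    esac
}

# list_bash_binaries: every executable named "bash" on PATH or in /etc/shells.
list_bash_binaries() {
    {
        IFS=:   # split PATH on colons (this brace group runs in a subshell)
        for dir in $PATH; do
            [ -n "$dir" ] && echo "$dir/bash"
        done
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells || true; fi
    } | while read -r p; do
        if [ -f "$p" ] && [ -x "$p" ]; then echo "$p"; fi
    done | sort -u
}

# scan_all: one "STATUS path" line per binary; returns 1 if any is vulnerable.
scan_all() {
    rc=0
    for p in $(list_bash_binaries); do   # assumes install paths without spaces
        result=$(check_bash "$p")
        printf '%-10s %s\n' "$result" "$p"
        if [ "$result" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

scan_all || echo "Binaries marked vulnerable still need the update or a patched build."
```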
