Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@benhosmer

benhosmer/shellshock.md

Last active August 29, 2015 14:07
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save benhosmer/e1bff7b8244dc0c16edc to your computer and use it in GitHub Desktop.
Save benhosmer/e1bff7b8244dc0c16edc to your computer and use it in GitHub Desktop.
Download ZIP
bash-shellshock.md
Raw
shellshock.md

Run this from a prompt

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

And this just to make sure

cd /tmp; env X='() { (a)=>\' bash -c "echo date"; cat echo

Patch old ubuntu

cd ~/
mkdir bash
cd bash
wget https://ftp.gnu.org/gnu/bash/bash-4.2.tar.gz
for i in $(seq -f "%03g" 0 49); do wget https://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-$i; done
tar zxvf bash-4.2.tar.gz 
cd bash-4.2
for i in $(seq -f "%03g" 0 49); do patch -p0 < ../bash42-$i; done
./configure && make
sudo make install
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment