Archive

Posts Tagged ‘CVE-2014-7187’

Update bash at Slackware 11 with the latest patch against shellshock bugs CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187

October 1, 2014 1 comment

I still have Slackware 11 machines … so I had to recompile the bash

I took a moment to read this nice blog related to shellshock: http://chester.me/archives/2014/09/building-bash-from-source-shellshock-mitigation/
So in short what I did at my Slackware 11 machines:

root@DL-380:[Wed Oct 01 23:05:47]:[~]$ cat /etc/slackware-version 
Slackware 11.0.0
root@DL-380:[Wed Oct 01 23:05:47]:[/opt/installs]$ bash --version
GNU bash, version 3.1.17(2)-release (i486-slackware-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.

root@DL-380:[Wed Oct 01 23:06:02]:[/opt/installs]$ wget  http://ftp.gnu.org/gnu/bash/bash-3.1.tar.gz
root@DL-380:[Wed Oct 01 23:06:35]:[/opt/installs]$ lftp http://ftp.gnu.org/gnu/bash
cd: received redirection to `http://ftp.gnu.org/gnu/bash/'
cd ok, cwd=/gnu/bash                               
lftp ftp.gnu.org:/gnu/bash> mirror bash-3.1-patches 
Total: 1 directory, 44 files, 0 symlinks                  
New: 44 files, 0 symlinks
60375 bytes transferred in 5 seconds (11.3K/s)
lftp ftp.gnu.org:/gnu/bash> exit
root@DL-380:[Wed Oct 01 23:07:39]:[/opt/installs]$ rm bash-3.1-patches/*sig
root@DL-380:[Wed Oct 01 23:07:53]:[/opt/installs]$ tar xvf bash-3.1.tar.gz 
root@DL-380:[Wed Oct 01 23:08:54]:[/opt/installs]$ cd bash-3.1
root@DL-380:[Wed Oct 01 23:08:59]:[/opt/installs/bash-3.1]$ 
root@DL-380:[Wed Oct 01 23:08:59]:[/opt/installs/bash-3.1]$ for patch_file in `find /opt/installs/bash-3.1-patches/ -type f `;  do echo $patch_file && patch -p0 < $patch_file ; done
root@DL-380:[Wed Oct 01 23:09:23]:[/opt/installs/bash-3.1]$ tail patchlevel.h
#if !defined (_PATCHLEVEL_H_)
#define _PATCHLEVEL_H_

/* It's important that there be no other strings in this file that match the
   regexp `^#define[     ]*PATCHLEVEL', since that's what support/mkversion.sh
   looks for to find the patch level (for the sccs version string). */

#define PATCHLEVEL 21

#endif /* _PATCHLEVEL_H_ */
root@DL-380:[Wed Oct 01 23:09:44]:[/opt/installs/bash-3.1]$ ./configure 
root@DL-380:[Wed Oct 01 23:10:49]:[/opt/installs/bash-3.1]$ make --j3 
ls -l bash
-rwxr-xr-x 1 root root 1556950 2014-10-01 23:11 bash
size bash
   text       data        bss        dec        hex    filename
 634120      22840      19432     676392      a5228    bash
root@DL-380:[Wed Oct 01 23:11:19]:[/opt/installs/bash-3.1]$ 
root@DL-380:[Wed Oct 01 23:11:19]:[/opt/installs/bash-3.1]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 
vulnerable
this is a test
root@DL-380:[Wed Oct 01 23:12:36]:[/opt/installs/bash-3.1]$ env x='() { :;}; echo vulnerable' ./bash -c "echo this is a test" 
this is a test
root@DL-380:[Wed Oct 01 23:12:41]:[/opt/installs/bash-3.1]$ ./bash --version
GNU bash, version 3.1.21(2)-release (i686-pc-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
root@DL-380:[Wed Oct 01 23:12:46]:[/opt/installs/bash-3.1]$ which bash
/usr/bin/bash
root@DL-380:[Wed Oct 01 23:13:11]:[/opt/installs/bash-3.1]$ file /usr/bin/bash
/usr/bin/bash: symbolic link to `/bin/bash'
root@DL-380:[Wed Oct 01 23:13:15]:[/opt/installs/bash-3.1]$ file /bin/bash
/bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), stripped
root@DL-380:[Wed Oct 01 23:13:18]:[/opt/installs/bash-3.1]$ cp -fp bash /bin/bash
root@DL-380:[Wed Oct 01 23:13:28]:[/opt/installs/bash-3.1]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 
this is a test
root@DL-380:[Wed Oct 01 23:13:43]:[/opt/installs/bash-3.1]$ (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno" 
root@DL-380:[Wed Oct 01 23:13:53]:[/opt/installs/bash-3.1]$ bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack" 
root@DL-380:[Wed Oct 01 23:14:02]:[/opt/installs/bash-3.1]$ 

Done

Slackware4LIfe 🙂

Advertisements