Fix bash failure step by step

After the discovery of a new vulnerability found in the Linux BASH shell, and the seriousness of it and the number of affected systems, we indicate how to fix it.

 

The problem is that at this time, there are not yet posted any bug free version. At least at the time of this writing. So Linux update packages with apt-get utility or yum will not provide the solution. So we patch it from the source code. It’s okay, sounds very radical, but they are only 5 minutes.

 

How to know if my system is affected

Easy, go to the console and run this command:

 env x='() { :;}; echo vulnerable' bash -c "echo bash test"

If the system is vulnerable get this response:

vulnerable

bash test

 

otherwise, you will see this message in the console:

bash: warning: x: ignoring function definition attempt
bash: error importing the definition of the function for `x '
bash test

That means that you tried to run unauthorized code, and the system has not allowed it.

 

Fix bash failure step by step.

 

First, we will download the source code from the GNU repository to the folder /usr/src of your linux.

To do this, run from the console:

cd /usr/src

wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz

 

Then download the patch posted:

wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025

As Michael Eager says, we have to download all the previous patches, because the source code of bash is at level 0, and the ShellSock bugs is at level 25.

Now, we download all previous patches:

wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-001
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-002
wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-003

Until last patch
 

Unzip the source of bash 4.3:

tar -xvzf bash-4.3.tar.gz

So we create the /usr/src/bash-4.3 folder.

Copy all the patches to the folder in the source:

cp bash43-* bash-4.3/

Access to bash-4.3:

cd bash-4.3

and run the patch installation pacth by patch:

patch -p0 -i bash43-001
patch -p0 -i bash43-002
patch -p0 -i bash43-003

Until last patch. At this moment, it is bash43-026.
Then compile the new bash just patched. Run these commands:

./configure

make

make install

 

My Debian has a habit of placing system files “at Debian way”. So I have to copy them to their correct places. Anyway, even if you have another Linux distribution, it is good to copy them, but check the correct place. To do this, rename the old bash as bash.old and remove the execute permissions to avoid problems:

cp /bin/bash /bin/bash.old

chmod -x /bin/bash.old

cp /usr/bin/bashbug /usr/bin/bashbug.old

chmod -x /usr/bin/bashbug.old

 

Now copy the new files. If you have followed these instructions step by step, we will be located in /usr/src/bash-4.3:

cp -f bash /bin/

cp bashbug /usr/bin/

cp bashversion /bin/

 

And it’s done.

 

To check it, open another console and login again. Upon entering, you will run the new bash.

Run these commands to check that all is well:

bashversion

and you must see this message:

4.3.26(1)-release

 

Finally to check that our system is not vulnerable to failure bash, execute:

env x='() { :;}; echo vulnerable' bash -c "echo bash test"

 

And if everything is done well, we will see this message:

bash: warning: x: ignoring function definition attempt
bash: error importing the definition of the function for `x '
bash test