Hello Linux Geeksters. As you may know, a critical Bash vulnerability has been recently discovered, being referred by some as “Shellshock“.
Via this exploit, attackers can gain control of systems remote and execute malicious code. Technically, the systems that allow SSH access from remote connections or web servers that run server site scripting are in danger.
Attackers are able to launch malicious code on the server, locally or via OpenSSH by sending infected web request by setting headers in a web request, or by setting weird mime types.
How to test if your bash version is vulnerable:
This Bash critical issue has been discovered by the Red Hat developers, who have also posted a test command for you to see if your bash at risk or not. Open a terminal and launch the below command:
$ env x='() { :;}; echo vulnerable' bash -c "system"
If your system is vulnerable, you will get an output like this:
vulnerable
system
A healthy bath will display the below output:
$ env x='() { :;}; echo vulnerable' bash -c "echo system" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test
system
Despite the fact that the developers of the main Linux systems have created an update patch, it is still incomplete, so we have to install a new and unaffected version of bash, from sources.
In this article I will show you you how to fix the shellshock vulnerability on Mac OS X, via either homebrew or MacPorts.
So get a bash version which is not vulnerable to the Shellshock exploit, via homebrew, do:
$ sudo ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
$ sudo brew update
$ sudo brew install bash
$ sudo sh -c 'echo "/usr/local/bin/bash" >> /etc/shells'
$ chsh -s /usr/local/bin/bash
$ sudo mv /bin/bash /bin/bash-backup
$ sudo ln -s /usr/local/bin/bash /bin/bash
So get a bash version which is not vulnerable to the Shellshock exploit, via MacPorts, do:
$ sudo port self update
$ sudo port upgrade bash
Leave a Reply