Shellshock - Remote code execution via Bash
-
@Ted said:
Thanks to @a_5mith, I just binged several of his videos. He does a good job of breaking things down for those with little experience, when he isn't doing something humorous. Thanks for sharing this.
He does a few videos for Computerphile as well. Where he goes into a little more detail. Does some really good videos.
-
@julian alternatively recompile Bash by hand. This should work:
mkdir src cd src wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz #download all patches for i in $(seq -f "%03g" 0 28); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done tar zxvf bash-4.3.tar.gz cd bash-4.3 #apply all patches for i in $(seq -f "%03g" 0 28);do patch -p0 < ../bash43-$i; done #build and install ./configure && make && make install cd .. cd .. rm -r srcPlease note thought that a full patch for the exploit is not yet available.
-
@julian I am on Ubuntu 12 LTS and received the updates for bash. They may not have been out at the time you checked for 13?
I checked my logs and we only had a couple of attempts against our server, luckily I had updated when the quick fix got released and updated again when the actual fix was released.
-
