ÇöÀç Fedora ¹èÆ÷ÆÇ¿¡¼´Â 19~21¹öÀü¿¡¼¸¸ Ãë¾àÁ¡¿¡ ´ëÇÑ ÆÐÄ¡°¡ Á¦°øµÇ°í ÀÖÀ¸¸ç Fedora18 ÀÌÇϹöÀüÀº yum ¾÷µ¥ÀÌÆ®°¡ Áß´ÜµÇ¾î¼ À̹ø bash ½© Ãë¾àÁ¡¿¡ ´ëÇØ ÆÐÄ¡¹öÀüÀ» Á¦°øÇÏÁö ¾Ê°í ÀÖ½À´Ï´Ù. µû¶ó¼ ¾Æ·¡¿Í °°Àº ¹æ¹ýÀ¸·Î ¾÷µ¥ÀÌÆ®°¡ °¡´ÉÇÏ¿À´Ï Âü°íÇϼ¼¿ä.
# cat /etc/redhat-release
Fedora release 18 (Spherical Cow)
# uname -a
Linux 115-68-200-23 3.11.10-100.fc18.x86_64 #1 SMP Mon Dec 2 20:28:38 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
# rpm -q bash
bash-4.2.45-1.fc18.x86_64
bash ½© Ãë¾àÁ¡ ¿©ºÎ È®ÀÎ
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
bash ¼Ò½º RPM ´Ù¿î·Îµå
# yumdownloader --source bash
bash Ãë¾àÁ¡ ÆÐÄ¡¹öÀü ´Ù¿î·Îµå
cd /root/rpmbuild/SOURCE
# wget http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-048
ÆÐÄ¡¼Ò½º ¼öÁ¤
:: Fedora18 ¿¡¼ÀÇ bash ¹öÀüÀÌ 4.2.45À̱⿡ ÇØ´ç¹öÀü ·¹º§·Î ¼öÁ¤
# vim bash42-048
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 45
#endif /* _PATCHLEVEL_H_ */
ºôµåÇÁ·Î¼¼¼¿¡ ´ëÇÑ spec ÆÄÀÏ ÆíÁý
# cd /root/rpmbuild/SPECS/
# vim bash.spec
61 ¶óÀÎ
Patch045: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-045
Patch048: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-048
Patch049: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-049
192 ¶óÀÎ
%patch045 -p0 -b .045
%patch048 -p0 -b .048
%patch049 -p0 -b .049
½Å±Ô bash ÆÐÅ°Áö ¼³Ä¡
# rpmbuild -bb bash.spec
# rpm -Uhv /root/rpmbuild/RPMS/x86_64/bash-4.2.45-1.fc18.x86_64.rpm --force
Preparing... ################################# [100%]
Updating / installing...
1:bash-4.2.45-1.fc18 ################################# [100%]
bash ¹öÀü È®ÀÎ
# bash -version
GNU bash, version 4.2.49(1)-release (x86_64-redhat-linux-gnu)
ÆÐÄ¡¿©ºÎ È®ÀÎ
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
¡Ø Fedora18 x86_64¹öÀü¿¡´Â ÷ºÎµÈ ÆÄÀÏ·Î ¼³Ä¡ÇÏ¸é µË´Ï´Ù.
¾Æ·¡¿Í°°ÀÌ ¼Ò½º·Î ÆÐÄ¡¹öÀü ÄÄÆÄÀÏ ¹æ¹ý
¼Ò½ºÄÄÆÄÀÏ : https://shellshocker.net
Building From Source
You can patch bash with one command using our bash patcher, just run the following command and you should be good to go!
Make sure you have patch installed before you run this command. sudo apt-get install patch (yum install patch) etc...
curl https://shellshocker.net/fixbash | sh
If you want to do it yourself, feel free. Here are all the commands you'll need.
| cd ~/ mkdir bash cd bash wget https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz #download all patches for i in $(seq -f "%03g" 1 27); do wget https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done tar zxvf bash-4.3.tar.gz cd bash-4.3 for i in $(seq -f "%03g" 1 27);do patch -p0 < ../bash43-$i; done ./configure && make && make install |
bash-4.2.45-1.fc18.x86_64.rpm
