shellshock vulnerability test andfix

A major vulnerability was discovered on Bash, affecting OS X

How to check: 
Open Terminal
Type (or copy/paste) the following command line (Verbatim)

env x='() { :;}; echo vulnerable' bash -c 'echo hello'



If you system is vulnerable to Shellshock, you will see “vulnerable hello”


If your system is safe from Shellshock, you should see something as:

$ env X=‘() { (a)=>\’ sh -c “echo date”; cat echo sh: X: line 1: syntax error near unexpected token `=’ sh: X: line 1: `’ sh: error importing function definition for `X

How to FIX IT :
In Terminal:
>> Note: Do not type the $ sign, it’s the indication that you have to enter that line in Terminal and execute.
Note: You MUST have Xcode installed
Note: You MUST have Xcode installed
Note: READ the above again

$ mkdir bash-fix 
$ cd bash-fix 
$ curl | tar zxf - 
$ cd bash-92/bash-3.2 
$ curl | patch -p0 
$ cd .. 
$ xcodebuild 
$ sudo cp /bin/bash /bin/bash.old 
$ sudo cp /bin/sh /bin/sh.old 
$ build/Release/bash --version # GNU bash, version 3.2.52(1)-release 
$ build/Release/sh --version  # GNU bash, version 3.2.52(1)-release 
$ sudo cp build/Release/bash /bin 
$ sudo cp build/Release/sh /bin
$ sudo -K 


Then check the install and version:
$ bash –version

The answer should be:
GNU bash, version 3.2.52(1)-release (x86_64-apple-darwin13) Copyright (C) 2007 Free Software Foundation, Inc.


Tinggalkan Balasan

Please log in using one of these methods to post your comment:


You are commenting using your account. Logout /  Ubah )

Foto Google+

You are commenting using your Google+ account. Logout /  Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout /  Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout /  Ubah )


Connecting to %s