Shellshock Exploit – Manually patching BASH

Recently the events concerning the Shellshock exploit have been all over the media. This one is bad, real bad:

Remote exploit vulnerability in bash CVE-2014-6271

However, it’s entirely possible that your Linux distribution might not have a patch readily available if, say, you’re running an older Linux distro like Ubuntu 8.0.4.

Fear not: building and installing your own patched version of bash is fairly straightforward, presuming you have GCC and build tools installed with your distribution. If you’re comfortable building code, you can do the following:


#assume that your sources are in /src
cd /src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches (numbering starts at 001; there is no bash43-000)
for i in $(seq -f "%03g" 1 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
#apply all patches in order
for i in $(seq -f "%03g" 1 25); do patch -p0 < ../bash43-$i; done
#configure and build as a normal user; only the install step needs root
./configure --prefix=/usr --bindir=/bin --sbindir=/sbin --sysconfdir=/etc && make && sudo make install
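
To confirm that the rebuilt binary is the one actually installed and that it no longer shows the CVE-2014-6271 behaviour, a check like the following can be run after the install. It is an added example, not part of the original post; the function names `check_shellshock` and `check_all_bash`, the marker string and the list of paths are assumptions.

```bash
#!/bin/bash
# check_shellshock BASH_PATH
# Returns 0 if the binary ignores code trailing a function definition imported
# from the environment (the CVE-2014-6271 behaviour), 1 if it runs that code,
# 2 if the path is not executable or the probe could not run.
check_shellshock() {
    local target="${1:-/bin/bash}" out
    if [ ! -x "$target" ]; then
        echo "$target: not an executable file" >&2
        return 2
    fi
    # A vulnerable bash executes the trailing echo while importing the
    # variable x at startup, so the marker appears in the output.
    # env -i keeps the rest of the caller's environment out of the probe.
    out=$(env -i x='() { :;}; echo SHELLSHOCK_MARKER' "$target" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*)
            echo "$target: VULNERABLE to CVE-2014-6271"
            return 1 ;;
        *probe*)
            echo "$target: not vulnerable ($("$target" --version | head -n 1))"
            return 0 ;;
        *)
            echo "$target: probe did not run" >&2
            return 2 ;;
    esac
}

# Check every common bash location: a patched /bin/bash does not help if an
# older copy is still installed elsewhere. The path list is an assumption.
check_all_bash() {
    local rc=0 b
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -x "$b" ] || continue
        check_shellshock "$b" || rc=1
    done
    return $rc
}
```

Source the file and run `check_shellshock /bin/bash` (or `check_all_bash`); the version line in the output should end in patch level 25 for the build above.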

Here’s a link to the original discussion on this over on Hacker News