Edited at

CentOS4 Shellshock対応ワンライナー

More than 5 years have passed since last update.


前提

yumが走るのでvault.centos.orgリポジトリが登録できていなければなりません。

初期状態から登録させるには以下。

sed -ri.bak -e 's/^mirrorlist/#mirrorlist/g' -e 's/#baseurl=http:\/\/mirror\.centos\.org\/centos\/\$releasever/baseurl=http:\/\/vault\.centos\.org\/4\.9/g' /etc/yum.repos.d/CentOS-Base.repo


ワンライナー

sudo sh -c 'export _ARCH=$([ `arch` = "x86_64" ] && echo x86_64 || echo i386); curl -ko /tmp/bash-3.0-27.0.3.el4.src.rpm https://oss.oracle.com/el4/SRPMS-updates/bash-3.0-27.0.3.el4.src.rpm && yum install -y gcc bison texinfo libtermcap-devel rpm-build && rpmbuild --rebuild /tmp/bash-3.0-27.0.3.el4.src.rpm && rpm -Uvh /usr/src/redhat/RPMS/"${_ARCH}"/bash-3.0-27.0.3."${_ARCH}".rpm && rm -f /tmp/bash-3.0-27.0.3.el4.src.rpm'

i386/x86_64、ログインシェルが{sh,bash}以外でも対応します。

ちなみにビルドの前後でsh --version3.00.15(1)のまま変わりません。

以下でチェックできます(hannob/bashcheck)。

curl -ko /tmp/bashcheck.sh https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck && sh /tmp/bashcheck.sh


対応前:

Testing /bin/bash ...

Bash version 3.00.15(1)-release

Variable function parser active, maybe vulnerable to unknown parser bugs
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)

対応後:

Testing /bin/bash ...

Bash version 3.00.15(1)-release

Variable function parser pre/suffixed [(), redhat], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Found non-exploitable CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)


参考URL