{"id":300,"date":"2014-10-04T00:40:14","date_gmt":"2014-10-03T22:40:14","guid":{"rendered":"http:\/\/blog.syshalt.net\/?p=300"},"modified":"2016-02-22T09:34:05","modified_gmt":"2016-02-22T07:34:05","slug":"shellshock-bash-fix-on-nexenta-3-1-5","status":"publish","type":"post","link":"https:\/\/blog.syshalt.net\/index.php\/2014\/10\/04\/shellshock-bash-fix-on-nexenta-3-1-5\/","title":{"rendered":"Shellshock Bash fix on Nexenta 3.1.5\/3.1.6"},"content":{"rendered":"<p>This article is written for people who don`t want to update to Nexenta 4 but still need to fix the Shellshock bug. The procedure is quite simple and I will describe bellow exactly what you need to do.<\/p>\n<p>Connect to you nexenta server with root and type !bash, after that press Y.<\/p>\n<p>nmc@nexenta:\/$ option expert_mode=1<br \/>\nnmc@nexenta:\/$ !bash<br \/>\nYou are about to enter the Unix (&#8220;raw&#8221;) shell and execute low-level Unix command(s). Warning: using low-level Unix commands is not recommended! Execute? (y\/n)<\/p>\n<p>cd ~<br \/>\n# Modify apt sources<br \/>\nvi \/etc\/apt\/sources.list<\/p>\n<p>deb http:\/\/apt.nexentastor.org\/3.1 hardy-testing main contrib non-free<br \/>\ndeb-src http:\/\/apt.nexentastor.org\/3.1 hardy-testing main contrib non-free<\/p>\n<p># Install gcc and bison in order to be able to compile bash<br \/>\napt-get update<br \/>\napt-get install gcc<br \/>\napt-get install bison<\/p>\n<p># Download bash version 3.2, this is used on nexenta 3.1.5. ash-3.2.48.tar.gz is patched till version 48<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2.48.tar.gz<\/p>\n<p># Download all patches after bash32-048 (at the moment I publish this article, latest is bash32-057)<br \/>\nmkdir bash-3.2-patches<br \/>\ncd bash-3.2-patches<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-049<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-050<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-051<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-052<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-053<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-054<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-055<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-056<br \/>\nwget http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/bash32-057<br \/>\ncd ..<\/p>\n<p># Go to bash source folder and patch the source<br \/>\ntar -xvzf bash-3.2.48.tar.gz<br \/>\ncd bash-3.2.48<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-049<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-050<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-051<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-052<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-053<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-054<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-055<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-056<br \/>\npatch -p0 &lt; \/root\/bash-3.2-patches\/bash32-057<\/p>\n<p># Compile<br \/>\n.\/configure<br \/>\nmake<br \/>\nmake install<\/p>\n<p># Bash version should be now .57<br \/>\nroot@nexenta:~# bash &#8211;version<br \/>\nGNU bash, version 3.2.57(3)-release (i386-pc-solaris2.10)<br \/>\nCopyright (C) 2007 Free Software Foundation, Inc.<\/p>\n<p># Test if your bash against Shellshock bug.<br \/>\nenv &#8216;VAR=() { :;}; echo Bash is vulnerable!&#8217; &#8216;FUNCTION()=() { :;}; echo Bash is vulnerable!&#8217; bash -c &#8220;echo Bash is not vulnerable&#8221;<\/p>\n<p># Example<br \/>\nroot@nexenta:~# env &#8216;VAR=() { :;}; echo Bash is vulnerable!&#8217; &#8216;FUNCTION()=() { :;}; echo Bash is vulnerable!&#8217; bash -c &#8220;echo Bash is not vulnerable&#8221;<br \/>\nBash is not vulnerable<\/p>\n<p>Verify every few days if new patches are released on http:\/\/ftp.gnu.org\/gnu\/bash\/bash-3.2-patches\/, a lot of security bugs probably will be fixed these days, as a lot of people is checking the code.<\/p>\n<p>p.s. thanks for suggestions from jb<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article is written for people who don`t want to update to Nexenta 4 but still need to fix the Shellshock bug. The procedure is quite simple and I.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[549,550,548,545,546,547],"class_list":["post-300","post","type-post","status-publish","format-standard","hentry","category-others","tag-3-1-5","tag-3-1-6","tag-bash","tag-nexenta","tag-nexentastor","tag-shellshock"],"_links":{"self":[{"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/posts\/300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/comments?post=300"}],"version-history":[{"count":14,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/posts\/300\/revisions"}],"predecessor-version":[{"id":356,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/posts\/300\/revisions\/356"}],"wp:attachment":[{"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/media?parent=300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/categories?post=300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.syshalt.net\/index.php\/wp-json\/wp\/v2\/tags?post=300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}