°Ô½Ã¹° 1,369°Ç
   
[Fedora18] CVE-2014-6271 bash bug fix
±Û¾´ÀÌ : ÃÖ°í°ü¸®ÀÚ ³¯Â¥ : 2014-09-29 (¿ù) 14:50 Á¶È¸ : 5210
±ÛÁÖ¼Ò :
bash-4.2.45-1.fc18.x86_64.rpm (992.3K), Down : 2, 2014-09-29 15:01:41
                                
ÇöÀç Fedora ¹èÆ÷ÆÇ¿¡¼­´Â 19~21¹öÀü¿¡¼­¸¸ Ãë¾àÁ¡¿¡ ´ëÇÑ ÆÐÄ¡°¡ Á¦°øµÇ°í ÀÖÀ¸¸ç Fedora18 ÀÌÇϹöÀüÀº yum ¾÷µ¥ÀÌÆ®°¡ ÁߴܵǾ À̹ø bash ½© Ãë¾àÁ¡¿¡ ´ëÇØ ÆÐÄ¡¹öÀüÀ» Á¦°øÇÏÁö ¾Ê°í ÀÖ½À´Ï´Ù. µû¶ó¼­ ¾Æ·¡¿Í °°Àº ¹æ¹ýÀ¸·Î ¾÷µ¥ÀÌÆ®°¡ °¡´ÉÇÏ¿À´Ï Âü°íÇϼ¼¿ä.



# cat /etc/redhat-release  
Fedora release 18 (Spherical Cow)

# uname -a
Linux 115-68-200-23 3.11.10-100.fc18.x86_64 #1 SMP Mon Dec 2 20:28:38 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

# rpm -q bash
bash-4.2.45-1.fc18.x86_64


bash ½© Ãë¾àÁ¡ ¿©ºÎ È®ÀÎ
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test


bash ¼Ò½º RPM ´Ù¿î·Îµå
# yumdownloader --source bash


bash Ãë¾àÁ¡ ÆÐÄ¡¹öÀü ´Ù¿î·Îµå
cd /root/rpmbuild/SOURCE
# wget http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-048


ÆÐÄ¡¼Ò½º ¼öÁ¤ 
 :: Fedora18 ¿¡¼­ÀÇ bash ¹öÀüÀÌ 4.2.45À̱⿡ ÇØ´ç¹öÀü ·¹º§·Î ¼öÁ¤
# vim bash42-048
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 45

  #endif /* _PATCHLEVEL_H_ */


ºôµåÇÁ·Î¼¼¼­¿¡ ´ëÇÑ spec ÆÄÀÏ ÆíÁý
# cd /root/rpmbuild/SPECS/
# vim bash.spec
61 ¶óÀÎ
Patch045: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-045
Patch048: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-048
Patch049: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-049

192 ¶óÀÎ
%patch045 -p0 -b .045
%patch048 -p0 -b .048
%patch049 -p0 -b .049


½Å±Ô bash ÆÐÅ°Áö ¼³Ä¡
# rpmbuild -bb bash.spec
# rpm -Uhv /root/rpmbuild/RPMS/x86_64/bash-4.2.45-1.fc18.x86_64.rpm --force
Preparing...                          ################################# [100%]
Updating / installing...
   1:bash-4.2.45-1.fc18               ################################# [100%]


bash ¹öÀü È®ÀÎ
# bash -version
GNU bash, version 4.2.49(1)-release (x86_64-redhat-linux-gnu)


ÆÐÄ¡¿©ºÎ È®ÀÎ
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

¡Ø Fedora18 x86_64¹öÀü¿¡´Â ÷ºÎµÈ ÆÄÀÏ·Î ¼³Ä¡ÇÏ¸é µË´Ï´Ù.


¾Æ·¡¿Í°°ÀÌ ¼Ò½º·Î ÆÐÄ¡¹öÀü ÄÄÆÄÀÏ ¹æ¹ý
¼Ò½ºÄÄÆÄÀÏ : https://shellshocker.net

Building From Source

You can patch bash with one command using our bash patcher, just run the following command and you should be good to go!
Make sure you have patch installed before you run this command. sudo apt-get install patch (yum install patch) etc...

curl https://shellshocker.net/fixbash | sh
If you want to do it yourself, feel free. Here are all the commands you'll need.

 cd ~/
mkdir bash
cd bash
wget https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 1 27); do wget     https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz 
cd bash-4.3
for i in $(seq -f "%03g" 1 27);do patch -p0 < ../bash43-$i; done
./configure && make && make install

À̸§ Æнº¿öµå
ºñ¹Ð±Û (üũÇÏ¸é ±Û¾´À̸¸ ³»¿ëÀ» È®ÀÎÇÒ ¼ö ÀÖ½À´Ï´Ù.)
¿ÞÂÊÀÇ ±ÛÀÚ¸¦ ÀÔ·ÂÇϼ¼¿ä.
   

 



 
»çÀÌÆ®¸í : ¸ðÁö¸®³× | ´ëÇ¥ : ÀÌ°æÇö | °³ÀÎÄ¿¹Â´ÏƼ : ·©Å°´åÄÄ ¿î¿µÃ¼Á¦(OS) | °æ±âµµ ¼º³²½Ã ºÐ´ç±¸ | ÀüÀÚ¿ìÆí : mojily°ñ¹ðÀÌchonnom.com Copyright ¨Ï www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.