Hazard's stuff

25 Sep, 2014

bash binaries with ShellShock vulnaribility patch for old Red Hat Linux systems

— Posted by hazard @ 2014-09-25 19:06
** UPDATED SEP 26 2014 FOR CVE-2014-7169 **

Some of us are unlucky enough to run older Linux systems (CentOS 4 and older) and need to fix bash "ShellSock" environment code injection vulnerability.

To make the job easier, you can grab my CentOS 4.x i386 RPM/SRC RPM , as well as Red Hat Linux 6.2 (circa 2000!) RPM/SRC RPM, which may work on older systems as well, such as RH7. SRPM should be buildable on all Red Hat systems.

MD5 sums:
30d76eb29c75ca9bf5dcc4d4903de299  bash-3.0-29centos4_vulnfix.i386.rpm
89f0c72480a2dbe28d61503973e98443  bash-3.0-29centos4_vulnfix.src.rpm
57bb220cc9ac5ef2c445a4dece61814c  bash-3.0-29rh62_vulnfix.i386.rpm
4ab6aa1a5958da0e5290f43134b08f2a  bash-3.0-29rh62_vulnfix.src.rpm

If you want to be 100% sure that the code wasn't tampered with, build your own binary by using src RPM and verify that all patches apart from 140/141 are Red Hat original (140/141 were taken from Oracle's bash patches).