Menu
How do you fix the Shellshock Bash vulnerability on Debian 6.0 (Squeeze)?
428
I had to add LTS repositories to update Bash which fixes the Shellshock vulnerability on Debian 6.0 (Squeeze). I hope someone else finds this useful:
First, check to see if your box is vulnerable. Cut/paste this to your command line:
env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED"' \
bash --norc -c ':' 2>/dev/null;
If you get a response like:
WARNING: SHELLSHOCK DETECTED
As I did in Squeeze, you have the vulnerability. You'll have to update your repositories to the LTS version to get the updates, by commenting out your current repository lines starting with 'deb' in your /etc/apt/sources.list file and then adding these:
deb http://http.debian.net/debian/ squeeze main contrib non-free
deb-src http://http.debian.net/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free
deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free
Now you should update your local cache and install the upgraded Bash (their servers are slow now because everyone's updating, so just pull down the Bash one for bandwidth's sake):
apt-get update && apt-get install --only-upgrade bash
You can do a full system upgrade later. Now run the vulnerability check script above and you shouldn't get any text output, which means you're patched :)
175
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With