ShellShock - Fix Bash on Debian Lenny

Submitted by root on

root's picture

I guess you are here because of the ShellShock wave and you want to fix your Debian Lenny system. No worries, read on.
If you have Debian Squeeze, follow this link: http://tar.gz.ro/debian-squeeze-bash-shellshock.html

[UPDATE]: if this tutorial is not working for you, just go directly to point 5 at the end. There is another way. Also, the point 5 covers even the older versions: woody (3.0), sarge (3.1) and etch (4.0).

How to upgrade Bash on Debian Lenny:
1. Replace lenny with wheezy in /etc/apt/sources.list or just save the current file and overwrite it with the following:

############################################################
################### OFFICIAL DEBIAN REPOS ###################
#############################################################

###### Debian Main Repos
deb http://ftp.debian.org/debian/ wheezy main contrib non-free
deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free

###### Debian Update Repos
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb http://ftp.debian.org/debian/ wheezy-proposed-updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://ftp.debian.org/debian/ wheezy-proposed-updates main contrib non-free

2. Run aptitude update

3. If you attempt to install only Bash (like in squeeze), you will get error (apt-get install --only-upgrade bash):

egg:~# apt-get install --only-upgrade bash
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libc6-dev : Breaks: gcc-4.4 (< 4.4.6-4) but 4.4.5-8 is to be installed
E: Broken packages

Instead, you will have to install (upgrade) also libc6 as follows:

egg:~# apt-get install --only-upgrade bash libc6-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  cpp-4.4 g++-4.4 gcc-4.4 gcc-4.4-base gcc-4.7-base libc-bin libc-dev-bin libc6 libc6-i686 libgcc1 libgmp10 libgomp1 libmpfr4 libstdc++6 libstdc++6-4.4-dev libtinfo5 locales make multiarch-support pkg-config
Suggested packages:
  bash-doc gcc-4.4-locales g++-4.4-multilib gcc-4.4-doc libstdc++6-4.4-dbg gcc-4.4-multilib libmudflap0-4.4-dev libgcc1-dbg libgomp1-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2 libppl7 glibc-doc libstdc++6-4.4-doc
  make-doc
The following packages will be REMOVED:
  gcc-4.3
The following NEW packages will be installed:
  gcc-4.7-base libgmp10 libtinfo5 multiarch-support
The following packages will be upgraded:
  bash cpp-4.4 g++-4.4 gcc-4.4 gcc-4.4-base libc-bin libc-dev-bin libc6 libc6-dev libc6-i686 libgcc1 libgomp1 libmpfr4 libstdc++6 libstdc++6-4.4-dev locales make pkg-config
18 upgraded, 4 newly installed, 1 to remove and 349 not upgraded.
Need to get 33.9 MB of archives.
After this operation, 2,166 kB disk space will be freed.
Do you want to continue [Y/n]? y
[...]

4. Check bash and find out it is no more vulnerable:

egg:~# env x='() { :;}; echo Bash is vulnerable!' bash -c "echo PS: this is just a test..."
PS: this is just a test...

4. Put back lenny in /etc/apt/sources.list (or restore the previously saved file) and run again aptitude update

5. If this tutorial doesn't work for you, there are packages created for woody (3.0), sarge (3.1), etch (4.0) and lenny (5.0): http://ftp.linux.it/pub/People/md/bash/

venus:~# wget http://ftp.linux.it/pub/People/md/bash/bash_3.2-4.2_amd64.deb
--2014-10-01 23:46:08--  http://ftp.linux.it/pub/People/md/bash/bash_3.2-4.2_amd64.deb
Resolving ftp.linux.it... 213.92.8.5
Connecting to ftp.linux.it|213.92.8.5|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 643816 (629K) [application/x-debian-package]
Saving to: `bash_3.2-4.2_amd64.deb'

100%[===============================================================>] 643,816      932K/s   in 0.7s    

2014-10-01 23:46:09 (932 KB/s) - `bash_3.2-4.2_amd64.deb' saved [643816/643816]

venus:~# dpkg -i bash_3.2-4.2_amd64.deb 
(Reading database ... 57038 files and directories currently installed.)
Preparing to replace bash 3.2-4 (using bash_3.2-4.2_amd64.deb) ...
Unpacking replacement bash ...
Setting up bash (3.2-4.2) ...
Processing triggers for man-db ...
venus:~# env x='() { :;}; echo Bash is vulnerable!' bash -c "echo PS: this is just a test..."
PS: this is just a test...

Thou shalt not steal!

If you want to use this information on your own website, please remember: by doing copy/paste entirely it is always stealing and you should be ashamed of yourself! Have at least the decency to create your own text and comments and run the commands on your own servers and provide your output, not what I did!

Or at least link back to this website.

Recent content

tmutil: command line interface into Time Machine
root
macOS: tmutil set quota
root
ESXi: how to change the MTU of vmkernek (vmk) interface (when UI fails)
root
ESXi: A bunch of useful commands and information
root
How to repair a sparsebundle image
root
macOS: How to Show and Hide Hidden Files in macOS Finder
root
Samsung 870 QVO 2TB: Speed Tests and comparison with Adata SU650 and Kingston K600
root
Ubiquiti EdgeRouter X - thoughts and tips
root
Qnap TR-004 short review - why I cannot use it
root
Speed test of Icy Box IB-3805-C31, a 5 disks enclosure from Raidsonic
root
Asus ROG Sheath in 2024: a HUGE Mousepad, Bigger Than Logitech G840 XL
root
Debian DRBD: How to resize drbd and OCFS2 online
root
Ubuntu: Fast Install With VMware Fusion
root
The one with APC Back-UPS BE850G2-GR: Charge Whatever With It, From Phone to Computer And BEYOND :D
root
File Sharing Problems? Downgrade from macOS Ventura to Monterey
root
VIOFO A139 Quad HD Dash Camera - 3 Channels Camera in a 2 Channels Package. Confused?
root
CarPlay not working with iPhone 15 Pro? Seven Type C cables tested with Mazda 3 BP with USB-A Port
root
Apple Watch Series 9? Not Yet! I Still Love My "Seven of Nine" 19 months later
root
The Wooden Playhouse Project
root
ESXi 7: Create VMFS Partition Via Command Line
root
5 Months with iPhone 15 Pro: Not PERFECT But... Must See. From Gaming to ProRes Requirements.
root
How to build a 25U 600x600 Server Rack
root
Thermaltake Pure 20 fan - HUGE and quiet!
root
Docker: how to increase php memory "the docker way"
root
Mousepad Logitech G840
root
Global Chip Shortage? Build this oddity: PC From 2009 With GeForce GTX 1050ti 4G
root
Brigadier: How to use it to Download Boot Camp Drivers
root
Bombardier: How to use it to Download Boot Camp Drivers
root
Logitech Pro X Wired Gaming Headset (2nd gen): review + mic test with G HUB on Windows 11 and macOS
root
macOS: extract user's image
root