bash is still shown as vulnerable even after updating bash to bash-3.2-33.el5_11.4.

Solution Unverified

Environment

  • Red Hat Enterprise Linux 5
  • bash

Issue

  • bash is still shown as vulnerable even after updating bash to bash-3.2-33.el5_11.4.
# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test
  • We are sure that our bash package has been updated to the version that has the fix for shellshock.
# rpm -q bash
bash-3.2-33.el5_11.4

Resolution

  • The bash binary you are running is not the one provided by Red Hat. Run the following command to check which package owns it:
# rpm -qf `which bash`
file /usr/local/bin/bash is not owned by any package
     ^^^^^^^^^^^^^^^^^^
  • As the output above shows, you are running /usr/local/bin/bash, which is not provided by Red Hat.

  • This also means that the diagnostic command is effectively being run as follows:

# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' /usr/local/bin/bash -c "echo test"
                                                                              ^^^^^^^^^^^^^^^^^^
  • We suggest using /bin/bash from the package provided by Red Hat, which has the fix for Shellshock.
# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' /bin/bash -c "echo test"
/bin/bash: warning: x: ignoring function definition attempt
/bin/bash: error importing function definition for `BASH_FUNC_x'
test
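
The resolution above, generalized as an added example (not part of the Red Hat article): a script that lists every bash on the search path in lookup order, reports which package owns each one, and runs the article's diagnostic against each binary by absolute path. The function names and the "rpm not installed" fallback are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit every "bash" on a search path, not only the packaged one.

# Print each executable named "bash" in a colon-separated search path
# (default: $PATH) in lookup order; the first line is what `which bash` finds.
list_bash_in_path() (
    IFS=:
    set -f                          # split on ":" only, no globbing
    for dir in ${1:-$PATH}; do
        candidate="${dir:-.}/bash"  # an empty PATH entry means the current dir
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
        fi
    done
)

# Owning package per `rpm -qf`, the check used in the article.
# The "rpm not installed" answer is this example's own fallback.
owner_of() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "unknown (rpm not installed)"
    elif pkg=$(rpm -qf "$1" 2>/dev/null); then
        echo "$pkg"
    else
        echo "NOT OWNED BY ANY PACKAGE"
    fi
}

# Run the article's diagnostic against one binary given by absolute path.
# "vulnerable" on stdout means the text after the function body was executed.
shellshock_status() {
    out=$(env 'x=() { :;}; echo vulnerable' \
              'BASH_FUNC_x()=() { :;}; echo vulnerable' \
              "$1" -c "echo test" 2>/dev/null) || true
    if printf '%s\n' "$out" | grep -qx vulnerable; then
        echo "vulnerable"
    else
        echo "not vulnerable"
    fi
}

# One line per binary: path, owning package, diagnostic result.
audit_bash() {
    list_bash_in_path "${1:-$PATH}" | while IFS= read -r b; do
        printf '%s\t%s\t%s\n' "$b" "$(owner_of "$b")" "$(shellshock_status "$b")"
    done
}

audit_bash "$PATH"
```

Any line whose owner column is not a bash package is a copy that updating the bash RPM did not replace.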


1 Comment

I can't reinstall xorg-x11-apps, apparently:
[root@37 eeidisse]# yum reinstall xorg-x11-apps
Loaded plugins: product-id, protectbase, refresh-packagekit, security, subscription-manager
[Errno -3] Midlertidig feil i navneoppslag
Setting up Reinstall Process
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
14: PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.fedoraproject.org'"
https://cdn.redhat.com/content/dist/rhel/workstation/6/6.4/x86_64/optional/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'cdn.redhat.com'"
Trying other mirror.
https://cdn.redhat.com/content/dist/rhel/workstation/6/6.4/x86_64/rhev-agent/3/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'cdn.redhat.com'"
Trying other mirror.
https://cdn.redhat.com/content/dist/rhel/workstation/6/6.4/x86_64/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'cdn.redhat.com'"
Trying other mirror.

0 packages excluded due to repository protections
No Match for argument: xorg-x11-apps
Package(s) xorg-x11-apps available, but not installed.
Error: Nothing to do

Jan-Erik Eidissen