Bismilla

mohon bantuannya

karena ini untuk masalah baru baru ini tentang shellshock pada os x

bagaimana cara patchnya

berikut langkahnya

1. l00p:MSF-Installer Xr0b0t$ sudo cp /bin/bash /bin/bash.old

2. l00p:MSF-Installer Xr0b0t$ sudo cp /bin/sh /bin/sh.old

3. l00p:MSF-Installer Xr0b0t$ mkdir bash-fix

4. l00p:MSF-Installer Xr0b0t$ cd bash-fix

5. l00p:bash-fix Xr0b0t$ wget –no-check-certificate https://opensource.apple.com/tarballs/bash/bash-92.tar.gz

–2014-09-28 04:12:18– https://opensource.apple.com/tarballs/bash/bash-92.tar.gz

Resolving opensource.apple.com… 17.251.224.146

Connecting to opensource.apple.com|17.251.224.146|:443… connected.

WARNING: cannot verify opensource.apple.com’s certificate, issued by ‘/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL SGC CA – G2’:

Unable to locally verify the issuer’s authority.

HTTP request sent, awaiting response… 200 OK

Length: 4186681 (4.0M) [application/x-gzip]

Saving to: ‘bash-92.tar.gz’

100%[======================================>] 4,186,681 149KB/s in 32s

2014-09-28 04:12:54 (128 KB/s) – ‘bash-92.tar.gz’ saved [4186681/4186681]

6. l00p:bash-fix Xr0b0t$ tar -xvzf bash-92.tar.gz

7. l00p:bash-fix Xr0b0t$ cd bash-92

8. l00p:bash-92 Xr0b0t$ cd bash-3.2/

l00p:bash-3.2 Xr0b0t$ curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 1115 100 1115 0 0 214 0 0:00:05 0:00:05 –:–:– 264

patching file parse.y

patching file patchlevel.h

9. l00p:bash-3.2 Xr0b0t$ [ “$ADD_IMPORT_FUNCTIONS_PATCH” == “YES” ] && curl http://alblue.bandlem.com/import_functions.patch | patch -p0

10. l00p:bash-3.2 Xr0b0t$ cd ..

11. l00p:bash-92 Xr0b0t$ xcodebuild

=== BUILD AGGREGATE TARGET ostype.h OF PROJECT bash WITH THE DEFAULT CONFIGURATION (Release) ===

until

** BUILD SUCCEEDED **

12. l00p:bash-92 Xr0b0t$ ./build/Release/bash –version

GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin14)

Copyright (C) 2007 Free Software Foundation, Inc.

13. l00p:bash-92 Xr0b0t$ sudo cp /bin/bash /bin/bash.old

Password:

14. l00p:bash-92 Xr0b0t$ sudo cp /bin/sh /bin/sh.old

15. l00p:bash-92 Xr0b0t$ sudo cp build/Release/bash /bin

16. l00p:bash-92 Xr0b0t$ sudo cp build/Release/sh /bin

17. l00p:bash-92 Xr0b0t$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x’

this is a test

FINISH

SELAMAT MENGERJAKAN