Posted on 10-21-2014 10:27 PM
Hi all,
Thought there may be a few people interested in some bash 3.2.57 and sh binaries I've compiled on different versions of OS X to patch the CVEs associated with the 'shellshock' vulnerabilities. Apple's official patch does not correct all CVEs last I checked. There is also included a script for compiling bash yourself (make sure to accept the Xcode license agreement beforehand!).
DISCLAIMER: Use at your own risk. I compiled and tested all these files and they should be safe, but you are responsible for your own systems!
GitHub: https://github.com/owen-74bit/shellshockFixOSX
S3: https://s3-us-west-2.amazonaws.com/bashbinaries/shellshockFix10.6-10.10.zip
Mega: https://mega.co.nz/#!jAV10BbT!RrRSr5z8dDTX3bQ4KnUYDQe_puQCyQca3b0IVOsxK0k
All real credit to the wonderful people in this thread: http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an
Happy to get any at all input on this, I'm not really the security guy and apologize if there are any glaring mistakes that I've made. Downloading precompiled binaries may be a faux pas but I hope this will help someone.
Posted on 10-22-2014 06:52 AM
Thank you!
Posted on 10-25-2014 02:34 PM