Patching Bash "shellshock" on Apple Mac OS X 10.9.5

Given the recent bash vulnerability disclosure[1] most linux distributions have released patches. Unfortunately Apple still expected users to compile their patches into bash. If you were using Homebrew or Macport you were in better standing and simply had to create symlinks to the patched executables. I've documented the steps I had to take on my Mac desktop.

Compile

1. mkdir bash
2. cd bash/
3. wget http://opensource.apple.com/tarballs/bash/bash-92.tar.gz
4. tar zxvf bash-92.tar.gz
5. cd bash-92
6. cd bash-3.2/
7. curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
8. curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0
9. curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0
10. cd ..
11. xcodebuild

Verify

1. /bin/bash --version
2. ~/bash/bash-92/build/Release/bash --version

Install

1. sudo mv /bin/bash /bin/bash.vulnerable sudo cp /bin/bash /bin/bash.vulnerable
2. sudo mv /bin/sh /bin/sh.vulnerable sudo cp /bin/sh /bin/sh.vulnerable
3. sudo chmod 0000 /bin/bash.vulnerable
4. sudo chmod 0000 /bin/sh.vulnerable
5. sudo cp ~/bash/bash-92/build/Release/bash /bin/
6. sudo cp ~/bash/bash-92/build/Release/sh /bin/
7. /bin/bash --version

References:

1. https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
2. http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
3. https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
4. https://access.redhat.com/articles/1200223
5. http://alblue.bandlem.com/2014/09/bash-remote-vulnerability.html
6. http://support.apple.com/kb/HT1222
7. http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00085.html
8. http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00228.html
9. http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00282.html

CentOS 6.4 VirtualBox VM won't boot up after doing an update/upgrade!!!

Often times, I employ a CentOS VirtualBox virtual machine (VM) as a development, testing and staging environment, I love the flexibility of virtual environments for testing and development work before moving my work to production environments.

Recently I ran a yum update and yum upgrade on a CentOS 6.4 VM and subsequently rebooted it, only to be greeted by a blank screen following bootup. A quick search of virtual TTY terminals yielded a login prompt.

Search of the usual logs (/var/log/messages and /var/log/dmesg) did not yield anything useful, however, the /var/log/Xorg.0.log displayed some interesting messages. Of particular interest were;

"... (EE) Failed to load module "vboxvideo" (module requirement mismatch, 0)"
... (EE) No drivers available."
Fatal server error:"
... no screens found"

A bit of Google revealed "http://www.centos.org/modules/newbb/print.php?form=1&topic_id=41799&forum=55&order=ASC&start=0" So I followed suit and backed up the /etc/X11/xorg.conf file and rebooted :) All is well...

Cisco 857W Router - Upgrade ADSL Firmware

To upgrade the ADSL firmware you need to get the latest .bin firmware file from Cisco. You will need a CCO and a valid contract to download the file.

One you have this, copy the file to flash using a TFTP server. Then rename the file to remove the version number, then make a backup of the configuration file just in case and reboot the router. The reboot should force the new firmware to be loaded. Once rebooted verify the version of the firmware

Check the version of the firmware current running
show dsl interface ATM 0

Init FW:         init_xxx-x.x.xxx.bin
Operation FW:    xxx-x.x.x.bin
FW Source:       xxxxxxxx
FW Version:      x.x.x


Check the amount of space available on flash for the firmware, ensure that the bytes free is greater than the size of the firmware .bin file
show flash

19353600 bytes total (5369856 bytes free)

Copy the firmware .bin file to flash
copy tftp://xxx.xxx.xxx.xxx/adsl_alc_20190.x.x.x.bin

Rename the file on flash to adsl_alc_20190.bin
rename flash:adsl_alc_20190.x.x.x.bin adsl_alc_20190.bin

Reboot the router
reload