tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Tweaking shellshocker tests.

This commit is contained in:
d4t4king 2014-10-04 21:21:28 +00:00
parent c14e8ac94c
commit 0bb3176385
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/tests_shells
View File

@ -218,7 +218,7 @@
logtext "Result: found ${FIND} as a valid shell"
# CVE-2014-6271
logtext "Test: Check for first exploit (CVE-2014-6271)"
echo "\$(env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c \"echo test\" 2>&1 | grep 'vulnerable')" > /tmp/1.tmp
echo "env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c \"echo test\" 2>&1 | grep 'vulnerable'" > /tmp/1.tmp
VULNERABLE=`${FIND} /tmp/1.tmp`
#echo "${VULNERABLE}"
if [ ! "${VULNERABLE}" = "" ]; then
@ -248,7 +248,7 @@
logtext "Result: found ${FIND} as a valid shell"
# CVE-2014-6271
logtext "Test: Check for first exploit (CVE-2014-6277)"
echo "\$((bash -c \"f() { x() { _;}; x() { _;} <<a; }\" 2>/dev/null || echo vulnerable) | grep 'vulnerable') 2>&1" > /tmp/2.tmp
echo "(bash -c \"f() { x() { _;}; x() { _;} <<a; }\" 2>/dev/null || echo vulnerable) | grep 'vulnerable'" > /tmp/2.tmp
VULNERABLE=`${FIND} /tmp/2.tmp`
#echo "${VULNERABLE}"
if [ ! "${VULNERABLE}" = "" ]; then
@ -278,7 +278,7 @@
logtext "Result: found ${FIND} as a valid shell"
# CVE-20146278
logtext "Test: Check for CVE-2014-6278"
echo "\$(shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | grep 'vulnerable')" > /tmp/3.tmp
echo "shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | grep 'vulnerable'" > /tmp/3.tmp
#echo "${VULNERABLE}"
VULNERABLE=`${FIND} /tmp/3.tmp`
if [ ! "${VULNERABLE}" = "" ]; then
@ -309,7 +309,7 @@
logtext "Result: found ${FIND} as a valid shell"
# CVE-2014-7168
logtext "Test: Check for taviso bug CVE-2014-7169"
echo "\$((cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ \"\$(cat echo 2> /dev/null)\" == \"nonvuln\" ]] && echo \"vulnerable\" 2> /dev/null) | grep ' vulnerable')" > /tmp/4.tmp
echo "(cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ \"\$(cat echo 2> /dev/null)\" == \"nonvuln\" ]] && echo \"vulnerable\" 2> /dev/null) | grep ' vulnerable'" > /tmp/4.tmp
VULNERABLE=`${FIND} /tmp/4.tmp`
#echo "${VULNERABLE}"
if [ ! "${VULNERABLE}" = "" ]; then
@ -340,7 +340,7 @@
logtext "Result: found ${FIND} as a valid shell"
# CVE-2014-7186
logtext "Test: Check for CVE-2014-7186"
echo "\$((bash -c 'true \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF \<\<EOF' 2>/dev/null || echo \"vulnerable\") | grep 'vulnerable')" > /tmp/5.tmp
echo "(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null || echo \"vulnerable\") | grep 'vulnerable'" > /tmp/5.tmp
VULNERABLE=`${FIND} /tmp/5.tmp`
#echo "$VULNERABLE"
if [ ! "${VULNERABLE}" = "" ]; then
@ -372,7 +372,7 @@
logtext "Result: found ${FIND} as a valid shell"
# CVE-2014-7186
logtext "Test: Check for CVE-2014-7187"
echo "\$(((for x in {1..200}; do echo \"for x$x in ; do :\"; done; for x in {1..200}; do echo done; done) | bash || echo \"vulnerable\") | grep 'vulnerable')" > /tmp/6.tmp
echo "((for x in {1..200}; do echo \"for x$x in ; do :\"; done; for x in {1..200}; do echo done; done) | bash || echo \"vulnerable\") | grep 'vulnerable'" > /tmp/6.tmp
VULNERABLE=`${FIND} /tmp/6.tmp`
#echo "$VULNERABLE"
if [ ! "${VULNERABLE}" = "" ]; then