Home Explore Help
Register Sign In
Apq
/
Docker-official-images
mirror of https://github.com/docker-library/official-images.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: cb15147a20
Branches Tags
Docker-official...
/
test
/
tests
/
cve-2014--shellshock
/
shellshock_test.sh

shellshock_test.sh 2.6 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. #!/bin/bash
    2. 

  2. EXITCODE=0
    3. 

  3. 

  4. # CVE-2014-6271
    5. 

  5. CVE20146271=$(env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test" 2>&1 | grep 'vulnerable' | wc -l)
    6. 

  6. 

  7. echo -n "CVE-2014-6271 (original shellshock): "
    8. 

  8. if [ $CVE20146271 -gt 0 ]; then
    9. 

  9. 	echo -e "\033[91mVULNERABLE\033[39m"
    10. 

  10. 	EXITCODE=$((EXITCODE+1))
    11. 

  11. else
    12. 

  12. 	echo -e "\033[92mnot vulnerable\033[39m"
    13. 

  13. fi
    14. 

  14. 

  15. # CVE-2014-6277
    16. 

  16. # it is fully mitigated by the environment function prefix passing avoidance
    17. 

  17. CVE20146277=$((shellshocker="() { x() { _;}; x() { _;} <<a; }" bash -c date 2>/dev/null || echo vulnerable) | grep 'vulnerable' | wc -l)
    18. 

  18. 

  19. echo -n "CVE-2014-6277 (segfault): "
    20. 

  20. if [ $CVE20146277 -gt 0 ]; then
    21. 

  21. 	echo -e "\033[91mVULNERABLE\033[39m"
    22. 

  22. 	EXITCODE=$((EXITCODE+2))
    23. 

  23. else
    24. 

  24. 	echo -e "\033[92mnot vulnerable\033[39m"
    25. 

  25. fi
    26. 

  26. 

  27. # CVE-2014-6278
    28. 

  28. CVE20146278=$(shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | grep 'vulnerable' | wc -l)
    29. 

  29. 

  30. echo -n "CVE-2014-6278 (Florian's patch): "
    31. 

  31. if [ $CVE20146278 -gt 0 ]; then
    32. 

  32. 	echo -e "\033[91mVULNERABLE\033[39m"
    33. 

  33. 	EXITCODE=$((EXITCODE+4))
    34. 

  34. else
    35. 

  35. 	echo -e "\033[92mnot vulnerable\033[39m"
    36. 

  36. fi
    37. 

  37. 

  38. # CVE-2014-7169
    39. 

  39. CVE20147169=$((cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ "$(cat echo 2> /dev/null)" == "nonvuln" ]] && echo "vulnerable" 2> /dev/null) | grep 'vulnerable' | wc -l)
    40. 

  40. 

  41. echo -n "CVE-2014-7169 (taviso bug): "
    42. 

  42. if [ $CVE20147169 -gt 0 ]; then
    43. 

  43. 	echo -e "\033[91mVULNERABLE\033[39m"
    44. 

  44. 	EXITCODE=$((EXITCODE+8))
    45. 

  45. else
    46. 

  46. 	echo -e "\033[92mnot vulnerable\033[39m"
    47. 

  47. fi
    48. 

  48. 

  49. # CVE-2014-7186
    50. 

  50. CVE20147186=$((bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null || echo "vulnerable") | grep 'vulnerable' | wc -l)
    51. 

  51. 

  52. echo -n "CVE-2014-7186 (redir_stack bug): "
    53. 

  53. if [ $CVE20147186 -gt 0 ]; then
    54. 

  54. 	echo -e "\033[91mVULNERABLE\033[39m"
    55. 

  55. 	EXITCODE=$((EXITCODE+16))
    56. 

  56. else
    57. 

  57. 	echo -e "\033[92mnot vulnerable\033[39m"
    58. 

  58. fi
    59. 

  59. 

  60. # CVE-2014-7187
    61. 

  61. CVE20147187=$(((for x in {1..200}; do echo "for x$x in ; do :"; done; for x in {1..200}; do echo done; done) | bash || echo "vulnerable") | grep 'vulnerable' | wc -l)
    62. 

  62. 

  63. echo -n "CVE-2014-7187 (nested loops off by one): "
    64. 

  64. if [ $CVE20147187 -gt 0 ]; then
    65. 

  65. 	echo -e "\033[91mVULNERABLE\033[39m"
    66. 

  66. 	EXITCODE=$((EXITCODE+32))
    67. 

  67. else
    68. 

  68. 	echo -e "\033[92mnot vulnerable\033[39m"
    69. 

  69. fi
    70. 

  70. 

  71. # CVE-2014-////
    72. 

  72. CVE2014=$(env X=' () { }; echo vulnerable' bash -c 'date' | grep 'vulnerable' | wc -l)
    73. 

  73. 

  74. echo -n "CVE-2014-//// (exploit 3 on http://shellshocker.net/): "
    75. 

  75. if [ $CVE2014 -gt 0 ]; then
    76. 

  76. 	echo -e "\033[91mVULNERABLE\033[39m"
    77. 

  77. 	EXITCODE=$((EXITCODE+64))
    78. 

  78. else
    79. 

  79. 	echo -e "\033[92mnot vulnerable\033[39m"
    80. 

  80. fi
    81. 

  81. 

  82. exit $EXITCODE
    83.