deshellshock
deshellshock copied to clipboard
Published
20 hours ago •
pbkwee
pbkwee
cygwin support
the script doesn't handle cygwin at all.
If it helps, i'm attaching the output of the check command:
$ ./deshellshock.sh --check
dss:hostname: LucianSirbu-PC
dss:date: Tue, Sep 30, 2014 9:50:55 AM
Testing for CVE_2014_6271 (error messages occurring here can be expected):
vulnerable
dss:CVE_2014_6271 result isvulnerable Y 0
Testing for CVE-2014_7169 (error messages occurring here can be expected):
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
dss:CVE-2014_7169 result isvulnerable Y 0
Testing for CVE_2014_6277_6278 (error messages occurring here can be expected):
vulnerable
dss:CVE-2014_6277_6278 result isvulnerable Y 0
Testing for CVE_2014_7186:
./deshellshock.sh: line 128: 3120 Segmentation fault (core dumped) bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'
CVE-2014-7186 vulnerable, redir_stack
dss:CVE_2014_7186 result isvulnerable Y 0
Testing for CVE_2014_7187:
bash: line 129: syntax error near `x129'
bash: line 129: `for x129 in ; do :'
CVE-2014-7187 vulnerable, word_lineno
dss:CVE_2014_7187 result isvulnerable Y 0
dss:info: Bash version: GNU bash, version 4.1.10(4)-release (i686-pc-cygwin)
dss:info: Bash ls: -rwxr-xr-x 1 Lucian Sirbu None 536078 Feb 26 2011 /usr/bin/bash
dss:Redhat-release: NA
dss:Debian-version: NA
dss:distroinfo: NA
dss:lsbreleasecommand: NA
Running the script directly gives:
$ ./deshellshock.sh
dss:info: Creating /root/deshellshockinfo and cd-ing there.
mkdir: cannot create directory `/root/deshellshockinfo': No such file or directory
dss:info: Running cp /bin/bash /root/deshellshockinfo/bash.orig
cp: cannot create regular file `/root/deshellshockinfo/bash.orig.exe': No such file or directory
dss:error: Failed making a copy of the original bash binary. Is there a disk error, out of disk space?
dss:isvulnerable:afterfix: CVE_2014_6271Y
dss:isvulnerable:afterfix: CVE_2014_7169Y
dss:isvulnerable:afterfix: CVE_2014_7186Y
dss:isvulnerable:afterfix: CVE_2014_7187Y
dss:isvulnerable:afterfix: CVE_2014_6277_6278Y
