bash-vulnerability

fix.rb

# ip addresses
servers = [
  "1.1.1.1"
]

user = "ubuntu"

servers.each do |server|
	puts server
	system "scp -q -p test-for-vulnerability #{user}@#{server}:~"
	vulnerable = `ssh #{user}@#{server} /home/#{user}/test-for-vulnerability`.include?("vulnerable")
	if vulnerable
		puts "VULNERABLE!"
		system "ssh ubuntu@#{server} 'bash --version |head -n 1'"
		system "ssh ubuntu@#{server} 'sudo apt-get update -y && sudo apt-get -y install bash'"
	else
		puts "NOT VULNERABLE!"
	end
	puts
end

test-for-vulnerability

#!/bin/bash

env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"

Notes:

• This will not work for servers where you login as root.
• You'll need to ssh-add all your keys.