bobmaerten/gist:c454ad03dbf81f72c220

## gistfile1.txt
❯ docker run --rm -i -t debian /bin/bash
root@bafbca8fc9af:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("^C
root@bafbca8fc9af:/#
root@bafbca8fc9af:/#
root@bafbca8fc9af:/#
root@bafbca8fc9af:/# exit

❯ docker run --rm -i -t debian /bin/bash
root@feff7506db14:/# # test CVE-2014-6271
root@feff7506db14:/# env x='() { :;}; echo vulnerable' bash -c echo
vulnerable

root@feff7506db14:/# # and CVE-2014-7169
root@feff7506db14:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
still vulnerable :(
root@feff7506db14:/# exit

❯ docker pull debian
Pulling repository debian
e565fbbc6033: Download complete
d56191e18d6b: Download complete
99bedb6181f9: Download complete
4bd5c5167d87: Download complete
186c653f407d: Download complete
00abb8b6d294: Download complete
fd10997380bc: Download complete
b5fe16f2ccba: Download complete
acaac612a9c7: Download complete
fee2ea4e24af: Download complete
064abb0b74c0: Download complete
06af7ad6cff1: Download complete
147ad610cb86: Download complete
8f7a4d0a4823: Download complete
a858b759e896: Download complete
511136ea3c5a: Download complete
0ced2657081d: Download complete
6bd9887df924: Download complete
1da500df1fa5: Download complete
fc771a104334: Download complete
b25c4c583304: Download complete
405cce5cd17d: Download complete
1f2439448d81: Download complete
584162d19e17: Download complete
5ac533fe7902: Download complete
09dea90e78b7: Download complete
532d5076717c: Download complete
ad261d40b2ab: Download complete
ec3443b7b068: Download complete
6c0d4e997980: Download complete
92fe4e96d58f: Download complete

❯ docker run --rm -i -t debian /bin/bash
root@7dc5d6e7324a:/# # test CVE-2014-6271
root@7dc5d6e7324a:/# env x='() { :;}; echo vulnerable' bash -c echo

root@7dc5d6e7324a:/# # and CVE-2014-7169
root@7dc5d6e7324a:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
echo vuln
cat: echo: No such file or directory
root@7dc5d6e7324a:/# exit
	❯ docker run --rm -i -t debian /bin/bash
	root@bafbca8fc9af:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("^C
	root@bafbca8fc9af:/#
	root@bafbca8fc9af:/#
	root@bafbca8fc9af:/#
	root@bafbca8fc9af:/# exit

	❯ docker run --rm -i -t debian /bin/bash
	root@feff7506db14:/# # test CVE-2014-6271
	root@feff7506db14:/# env x='() { :;}; echo vulnerable' bash -c echo
	vulnerable

	root@feff7506db14:/# # and CVE-2014-7169
	root@feff7506db14:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
	bash: X: line 1: syntax error near unexpected token `='
	bash: X: line 1: `'
	bash: error importing function definition for `X'
	still vulnerable :(
	root@feff7506db14:/# exit

	❯ docker pull debian
	Pulling repository debian
	e565fbbc6033: Download complete
	d56191e18d6b: Download complete
	99bedb6181f9: Download complete
	4bd5c5167d87: Download complete
	186c653f407d: Download complete
	00abb8b6d294: Download complete
	fd10997380bc: Download complete
	b5fe16f2ccba: Download complete
	acaac612a9c7: Download complete
	fee2ea4e24af: Download complete
	064abb0b74c0: Download complete
	06af7ad6cff1: Download complete
	147ad610cb86: Download complete
	8f7a4d0a4823: Download complete
	a858b759e896: Download complete
	511136ea3c5a: Download complete
	0ced2657081d: Download complete
	6bd9887df924: Download complete
	1da500df1fa5: Download complete
	fc771a104334: Download complete
	b25c4c583304: Download complete
	405cce5cd17d: Download complete
	1f2439448d81: Download complete
	584162d19e17: Download complete
	5ac533fe7902: Download complete
	09dea90e78b7: Download complete
	532d5076717c: Download complete
	ad261d40b2ab: Download complete
	ec3443b7b068: Download complete
	6c0d4e997980: Download complete
	92fe4e96d58f: Download complete

	❯ docker run --rm -i -t debian /bin/bash
	root@7dc5d6e7324a:/# # test CVE-2014-6271
	root@7dc5d6e7324a:/# env x='() { :;}; echo vulnerable' bash -c echo

	root@7dc5d6e7324a:/# # and CVE-2014-7169
	root@7dc5d6e7324a:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
	echo vuln
	cat: echo: No such file or directory
	root@7dc5d6e7324a:/# exit