Skip to content

Instantly share code, notes, and snippets.

@bobmaerten
Created September 30, 2014 07:34
Show Gist options
  • Save bobmaerten/c454ad03dbf81f72c220 to your computer and use it in GitHub Desktop.
Save bobmaerten/c454ad03dbf81f72c220 to your computer and use it in GitHub Desktop.
Remember to update your docker images too!
❯ docker run --rm -i -t debian /bin/bash
root@bafbca8fc9af:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("^C
root@bafbca8fc9af:/#
root@bafbca8fc9af:/#
root@bafbca8fc9af:/#
root@bafbca8fc9af:/# exit
❯ docker run --rm -i -t debian /bin/bash
root@feff7506db14:/# # test CVE-2014-6271
root@feff7506db14:/# env x='() { :;}; echo vulnerable' bash -c echo
vulnerable
root@feff7506db14:/# # and CVE-2014-7169
root@feff7506db14:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
still vulnerable :(
root@feff7506db14:/# exit
❯ docker pull debian
Pulling repository debian
e565fbbc6033: Download complete
d56191e18d6b: Download complete
99bedb6181f9: Download complete
4bd5c5167d87: Download complete
186c653f407d: Download complete
00abb8b6d294: Download complete
fd10997380bc: Download complete
b5fe16f2ccba: Download complete
acaac612a9c7: Download complete
fee2ea4e24af: Download complete
064abb0b74c0: Download complete
06af7ad6cff1: Download complete
147ad610cb86: Download complete
8f7a4d0a4823: Download complete
a858b759e896: Download complete
511136ea3c5a: Download complete
0ced2657081d: Download complete
6bd9887df924: Download complete
1da500df1fa5: Download complete
fc771a104334: Download complete
b25c4c583304: Download complete
405cce5cd17d: Download complete
1f2439448d81: Download complete
584162d19e17: Download complete
5ac533fe7902: Download complete
09dea90e78b7: Download complete
532d5076717c: Download complete
ad261d40b2ab: Download complete
ec3443b7b068: Download complete
6c0d4e997980: Download complete
92fe4e96d58f: Download complete
❯ docker run --rm -i -t debian /bin/bash
root@7dc5d6e7324a:/# # test CVE-2014-6271
root@7dc5d6e7324a:/# env x='() { :;}; echo vulnerable' bash -c echo
root@7dc5d6e7324a:/# # and CVE-2014-7169
root@7dc5d6e7324a:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
echo vuln
cat: echo: No such file or directory
root@7dc5d6e7324a:/# exit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment