This is meant to provide a summary of CVEs and fixes for them revolving around the shellshock collection of bugs. These bugs were primarily related to how bash does parsing of environment variables. Correlation between CVEs and upstream patches/releases has been fairly messy so I'm going to just summarize everything here. This pretty much comes from this oss-sec thread.
Currently I use hannob's bashceck script to do testing for shellshock related vulns.
| /*Required Headers*/ | |
| #define _GNU_SOURCE | |
| #include <sys/types.h> | |
| #include <sys/socket.h> | |
| #include <netdb.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include <sched.h> | |
| #include <stdlib.h> |
| $ ruby symbol_test.rb | |
| Loaded suite symbol_test | |
| Started | |
| .. | |
| Finished in 0.001946 seconds. | |
| 2 tests, 2 assertions, 0 failures, 0 errors, 0 skips | |
| Test run options: --seed 40647 |
| def test_method_names_become_symbols | |
| symbols_as_strings = Symbol.all_symbols.map { |x| x.to_s } | |
| assert_equal true, symbols_as_strings.include?("test_method_names_become_symbols") | |
| end |
| require "test/unit" | |
| class TestLibraryFileName < Test::Unit::TestCase | |
| def my_method | |
| end | |
| def test_symbol | |
| assert_equal true, Symbol.all_symbols.include?(:my_method) | |
| end | |
| def my_block_method | |
| if block_given? | |
| (["hello"] * 3).each { | x | | |
| yield x | |
| } | |
| end | |
| end | |
| my_block_method { | x | | |
| puts x |
| def my_block_method | |
| if block_given? | |
| (["hello"] * 3).each { | x | | |
| yield x | |
| } | |
| end | |
| end | |
| my_block_method { | x | | |
| puts x |
| SOLAR:~ chriswhite$ ab -n 2000 -c 100 http://localhost:3000/ | |
| This is ApacheBench, Version 2.3 <$Revision: 655654 $> | |
| Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ | |
| Licensed to The Apache Software Foundation, http://www.apache.org/ | |
| Benchmarking localhost (be patient) | |
| Completed 200 requests | |
| Completed 400 requests | |
| Completed 600 requests | |
| Completed 800 requests |
| # encoding: UTF-8 | |
| Dir.glob("*").tap {|files| | |
| puts "ファイル数: #{files.length}" | |
| }.each {|filename| | |
| puts "ファイル情報: 【名前】 #{filename} 【サイズ】 #{File.stat(filename).size}" | |
| } | |
| # ファイル数: 6 | |
| # ファイル情報: 【名前】 binding.rb 【サイズ】 46 |
| # encoding: UTF-8 | |
| Dir.glob("*").tap {|files| | |
| files = [] | |
| }.each {|filename| | |
| puts "ファイル情報: 【名前】 #{filename} 【サイズ】 #{File.stat(filename).size}" | |
| } | |
| # ファイル情報: 【名前】 binding.rb 【サイズ】 46 | |
| # ファイル情報: 【名前】 block_test.rb 【サイズ】 137 |