Skip to content

Instantly share code, notes, and snippets.

@kacy
Last active June 16, 2020 20:22
Show Gist options
  • Save kacy/2b9408af04c71fab686e to your computer and use it in GitHub Desktop.
Save kacy/2b9408af04c71fab686e to your computer and use it in GitHub Desktop.
CVE-2014-6271 fix for ubuntu bash
---
- hosts: all
user: root
sudo: true
tasks:
- name: update apt
command: apt-get update
- name: update bash
command: apt-get --only-upgrade install bash
- name: check bash fix
command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
register: command_result
failed_when: "'error' not in command_result.stderr"
@jmserra
Copy link

jmserra commented Nov 7, 2014

As for the last task, you could use the shellshocker site script to easily check if all vulnerabilities were resolved by doing:

- name: check vulnerability status fix
  shell: curl https://shellshocker.net/shellshock_test.sh | bash
  register: command_result

- debug: var=command_result.stdout_lines      

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment