pbruna/GHOST-test.sh

## GHOST-test.sh
#!/bin/bash
#Version 3

echo "Installed glibc version(s)"

rv=0
for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
    glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' )
    glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }')
    glibc_min=$( echo "$glibc_ver" | awk -F. '{ print $2 }')

    echo -n "- $glibc_nvr: "
    if [ "$glibc_maj" -gt 2   -o  \
        \( "$glibc_maj" -eq 2  -a  "$glibc_min" -ge 18 \) ]; then
        # fixed upstream version
        echo 'not vulnerable'
    else
        # all RHEL updates include CVE in rpm %changelog
        if rpm -q --changelog "$glibc_nvr" | grep -q 'CVE-2015-0235'; then
            echo "not vulnerable"
        else
            echo "vulnerable"
            rv=1
        fi
    fi
done

if [ $rv -ne 0 ]; then
    cat <<EOF

This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/cve/CVE-2015-0235>
Please refer to <https://access.redhat.com/articles/1332213> for remediation steps
EOF
fi

exit $rv
	#!/bin/bash
	#Version 3

	echo "Installed glibc version(s)"

	rv=0
	for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
	glibc_ver=$( echo "$glibc_nvr" \| awk -F- '{ print $2 }' )
	glibc_maj=$( echo "$glibc_ver" \| awk -F. '{ print $1 }')
	glibc_min=$( echo "$glibc_ver" \| awk -F. '{ print $2 }')

	echo -n "- $glibc_nvr: "
	if [ "$glibc_maj" -gt 2 -o \
	\( "$glibc_maj" -eq 2 -a "$glibc_min" -ge 18 \) ]; then
	# fixed upstream version
	echo 'not vulnerable'
	else
	# all RHEL updates include CVE in rpm %changelog
	if rpm -q --changelog "$glibc_nvr" \| grep -q 'CVE-2015-0235'; then
	echo "not vulnerable"
	else
	echo "vulnerable"
	rv=1
	fi
	fi
	done

	if [ $rv -ne 0 ]; then
	cat <<EOF

	This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/cve/CVE-2015-0235>
	Please refer to <https://access.redhat.com/articles/1332213> for remediation steps
	EOF
	fi

	exit $rv