author | mboelen <michael@cisofy.com> | 2015-01-16 00:06:34 +0300 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2015-01-16 00:06:34 +0300 |
commit | 44a530719cd9dddf8f9ee814209dffcfe5adb568 (patch) | |
tree | 211061395487eefe0a1c9a226a86d184fab89e41 /include/tests_shells | |
parent | 5caf4ddc4f2febbd4504aaae91fc11889101d816 (diff) |
Disabling Shellshock test as it gives false positives
Diffstat (limited to 'include/tests_shells')
-rw-r--r-- | include/tests_shells | 84 |
1 files changed, 35 insertions, 49 deletions
diff --git a/include/tests_shells b/include/tests_shells
index 7305d170..d588ed76 100644
--- a/include/tests_shells
+++ b/include/tests_shells
@@ -5,8 +5,8 @@
 # Lynis
 # ------------------
 #
-# Copyright 2007-2015, Michael Boelen (michael@rootkit.nl), The Netherlands
-# Web site: http://www.rootkit.nl
+# Copyright 2007-2015, Michael Boelen (michael.boelen@cisofy.com)
+# Web site: https://cisofy.com
 #
 # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
@@ -229,105 +229,91 @@ logtext "Result: found ${FIND} as a valid shell" SHELLSHOCK_TMP=`mktemp /tmp/lynis-shellshock-test.XXXXXXXXXX` || exit 1 - # CVE-2015-6271 - logtext "Test: Check for first exploit (CVE-2015-6271)" + # CVE-2014-6271 + logtext "Test: Check for first exploit (CVE-2014-6271)" echo "env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c \"echo test\" 2>&1 | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to original shellshock (CVE-2015-6271)" - Display --indent 2 --text "- Shellshock: CVE-2015-6271 (original shellshocker)" --result "WARNING" --color RED + logtext "Result: Vulnerable to original shellshock (CVE-2014-6271)" + Display --indent 2 --text "- Shellshock: CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to original shellshock (CVE-2015-6271)" - #Display --indent 4 --text "- CVE-2015-6271 (original shellshocker)" --result "OK" --color GREEN + logtext "Result: Not vulnerable to original shellshock (CVE-2014-6271)" + #Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN fi - # CVE-2015-6277 - logtext "Test: Check for first exploit (CVE-2015-6277)" - echo "(bash -c \"f() { x() { _;}; x() { _;} <<a; }\" 2>/dev/null || echo vulnerable) | grep 'vulnerable'" > ${SHELLSHOCK_TMP} - VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` - rm -f ${SHELLSHOCK_TMP} - if [ ! "${VULNERABLE}" = "" ]; then - logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to original shellshock (CVE-2015-6277). This may not be a security risk, as distributions patched it. Still it shows your bash is vulnerable for crashing." 
- Display --indent 2 --text "- Shellshock: CVE-2015-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED - # Do not trigger the warning for this particular test. Most distributions did actually patch it to reduce the security risks, while allowing it still to segfault. - #FOUND=1 - else - logtext "Result: Not vulnerable to original shellshock (CVE-2015-6277)" - #Display --indent 4 --text "- CVE-2015-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN - fi + # CVE-2014-6277 (disabled, as this test was giving too much false positives) - # CVE-2015-6278 - logtext "Test: Check for CVE-2015-6278" + # CVE-2014-6278 + logtext "Test: Check for CVE-2014-6278" echo "shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to CVE-2015-6278" - Display --indent 2 --text "- Shellshock: CVE-2015-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED + logtext "Result: Vulnerable to CVE-2014-6278" + Display --indent 2 --text "- Shellshock: CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to CVE-2015-6278" - #Display --indent 4 --text "- CVE-2015-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN + logtext "Result: Not vulnerable to CVE-2014-6278" + #Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN fi - # CVE-2015-7169 - logtext "Test: Check for taviso bug CVE-2015-7169" + # CVE-2014-7169 + logtext "Test: Check for taviso bug CVE-2014-7169" echo "(cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ \"\$(cat echo 2> /dev/null)\" == \"nonvuln\" ]] && echo \"vulnerable\" 2> /dev/null) | grep ' vulnerable'" > ${SHELLSHOCK_TMP} 
VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to taviso bug (CVE-2015-7169)" - Display --indent 2 --text "- Shellshock: CVE-2015-7169 (taviso bug)" --result "WARNING" --color RED + logtext "Result: Vulnerable to taviso bug (CVE-2014-7169)" + Display --indent 2 --text "- Shellshock: CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to taviso bug (CVE-2015-7169)" - #Display --indent 4 --text "- CVE-2015-7169 (taviso bug)" --result "OK" --color GREEN + logtext "Result: Not vulnerable to taviso bug (CVE-2014-7169)" + #Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN fi - # CVE-2015-7186 - logtext "Test: Check for CVE-2015-7186" + # CVE-2014-7186 + logtext "Test: Check for CVE-2014-7186" echo "(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null || echo \"vulnerable\") | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! 
"${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to CVE-2015-7186" - Display --indent 2 --text "- Shellshock: CVE-2015-7186 redir_stack bug" --result "WARNING" --color RED + logtext "Result: Vulnerable to CVE-2014-7186" + Display --indent 2 --text "- Shellshock: CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to CVE-2015-7186" - #Display --indent 4 --text "- CVE-2015-7186 redir_stack bug" --result "OK" --color GREEN + logtext "Result: Not vulnerable to CVE-2014-7186" + #Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN fi - # CVE-2015-7187 - logtext "Test: Check for CVE-2015-7187" + # CVE-2014-7187 + logtext "Test: Check for CVE-2014-7187" echo "((for x in {1..200}; do echo \"for x$x in ; do :\"; done; for x in {1..200}; do echo done; done) | bash || echo \"vulnerable\") | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! 
"${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to CVE-2015-7187" - Display --indent 2 --text "- Shellshock: CVE-2015-7187 nested loops off by one bug" --result "WARNING" --color RED + logtext "Result: Vulnerable to CVE-2014-7187" + Display --indent 2 --text "- Shellshock: CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to CVE-2015-7187" - #Display --indent 4 --text "- CVE-2015-7187 nested loops off by one bug" --result "OK" --color GREEN + logtext "Result: Not vulnerable to CVE-2014-7187" + #Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN fi - # CVE-2015-//// + # CVE-2014-//// logtext "Test: Check for bug Exploit #3 - shellshocker.net (no CVE)" echo "env X=' () { }; echo hello' bash -c 'date'| grep 'hello'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to CVE-2015-//// (exploit #3 on shellshocker.net)" + logtext "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)" Display --indent 2 --text "- Shellshock: Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED FOUND=1 else |
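Review bot: Every check in this hunk still deletes `${SHELLSHOCK_TMP}` with `rm -f` and the next check recreates it with `echo ... > ${SHELLSHOCK_TMP}`, so after the first test the path is no longer the file reserved by `mktemp`; the redirect then writes to whatever another local user has since placed at that name in /tmp, and `${FIND}` runs the result. Because `>` already truncates, I would drop the per-test `rm -f ${SHELLSHOCK_TMP}` lines and keep a single `rm -f "${SHELLSHOCK_TMP}"` after the last check, so the mktemp-created file stays in place for the whole sequence. The CVE-2014-7169 check has the same exposure through the fixed name `/tmp/echo`; running that check inside a directory created with `mktemp -d` would avoid it. The final `if`/`else` continues past the end of the hunk, so where the last cleanup belongs is not visible here.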