diff options
| author | mboelen <michael@cisofy.com> | 2015-01-03 14:45:22 +0300 |
|---|---|---|
| committer | mboelen <michael@cisofy.com> | 2015-01-03 14:45:22 +0300 |
| commit | 5caf4ddc4f2febbd4504aaae91fc11889101d816 (patch) | |
| tree | d99e27069a78e33f05c970594a1a674718e6790f /include/tests_shells | |
| parent | c5f8a3fe6238d52c41247935b191448ac6254800 (diff) | |
Update of the files to reflect HTTPS version of website and 2015. Happy New Year!
Diffstat (limited to 'include/tests_shells')
| -rw-r--r-- | include/tests_shells | 80 |
1 files changed, 40 insertions, 40 deletions
diff --git a/include/tests_shells b/include/tests_shells index bf0b7f71..7305d170 100644 --- a/include/tests_shells +++ b/include/tests_shells @@ -5,7 +5,7 @@ # Lynis # ------------------ # -# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands +# Copyright 2007-2015, Michael Boelen (michael@rootkit.nl), The Netherlands # Web site: http://www.rootkit.nl # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are @@ -229,105 +229,105 @@ logtext "Result: found ${FIND} as a valid shell" SHELLSHOCK_TMP=`mktemp /tmp/lynis-shellshock-test.XXXXXXXXXX` || exit 1 - # CVE-2014-6271 - logtext "Test: Check for first exploit (CVE-2014-6271)" + # CVE-2015-6271 + logtext "Test: Check for first exploit (CVE-2015-6271)" echo "env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c \"echo test\" 2>&1 | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to original shellshock (CVE-2014-6271)" - Display --indent 2 --text "- Shellshock: CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED + logtext "Result: Vulnerable to original shellshock (CVE-2015-6271)" + Display --indent 2 --text "- Shellshock: CVE-2015-6271 (original shellshocker)" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to original shellshock (CVE-2014-6271)" - #Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN + logtext "Result: Not vulnerable to original shellshock (CVE-2015-6271)" + #Display --indent 4 --text "- CVE-2015-6271 (original shellshocker)" --result "OK" --color GREEN fi - # CVE-2014-6277 - logtext "Test: Check for first exploit (CVE-2014-6277)" + # CVE-2015-6277 + logtext "Test: Check for first exploit (CVE-2015-6277)" echo "(bash -c \"f() { x() { _;}; x() { _;} <<a; }\" 2>/dev/null || echo vulnerable) | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to original shellshock (CVE-2014-6277). This may not be a security risk, as distributions patched it. Still it shows your bash is vulnerable for crashing." - Display --indent 2 --text "- Shellshock: CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED + logtext "Result: Vulnerable to original shellshock (CVE-2015-6277). This may not be a security risk, as distributions patched it. Still it shows your bash is vulnerable for crashing." + Display --indent 2 --text "- Shellshock: CVE-2015-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED # Do not trigger the warning for this particular test. Most distributions did actually patch it to reduce the security risks, while allowing it still to segfault. #FOUND=1 else - logtext "Result: Not vulnerable to original shellshock (CVE-2014-6277)" - #Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN + logtext "Result: Not vulnerable to original shellshock (CVE-2015-6277)" + #Display --indent 4 --text "- CVE-2015-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN fi - # CVE-2014-6278 - logtext "Test: Check for CVE-2014-6278" + # CVE-2015-6278 + logtext "Test: Check for CVE-2015-6278" echo "shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to CVE-2014-6278" - Display --indent 2 --text "- Shellshock: CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED + logtext "Result: Vulnerable to CVE-2015-6278" + Display --indent 2 --text "- Shellshock: CVE-2015-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to CVE-2014-6278" - #Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN + logtext "Result: Not vulnerable to CVE-2015-6278" + #Display --indent 4 --text "- CVE-2015-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN fi - # CVE-2014-7169 - logtext "Test: Check for taviso bug CVE-2014-7169" + # CVE-2015-7169 + logtext "Test: Check for taviso bug CVE-2015-7169" echo "(cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ \"\$(cat echo 2> /dev/null)\" == \"nonvuln\" ]] && echo \"vulnerable\" 2> /dev/null) | grep ' vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to taviso bug (CVE-2014-7169)" - Display --indent 2 --text "- Shellshock: CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED + logtext "Result: Vulnerable to taviso bug (CVE-2015-7169)" + Display --indent 2 --text "- Shellshock: CVE-2015-7169 (taviso bug)" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to taviso bug (CVE-2014-7169)" - #Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN + logtext "Result: Not vulnerable to taviso bug (CVE-2015-7169)" + #Display --indent 4 --text "- CVE-2015-7169 (taviso bug)" --result "OK" --color GREEN fi - # CVE-2014-7186 - logtext "Test: Check for CVE-2014-7186" + # CVE-2015-7186 + logtext "Test: Check for CVE-2015-7186" echo "(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null || echo \"vulnerable\") | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to CVE-2014-7186" - Display --indent 2 --text "- Shellshock: CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED + logtext "Result: Vulnerable to CVE-2015-7186" + Display --indent 2 --text "- Shellshock: CVE-2015-7186 redir_stack bug" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to CVE-2014-7186" - #Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN + logtext "Result: Not vulnerable to CVE-2015-7186" + #Display --indent 4 --text "- CVE-2015-7186 redir_stack bug" --result "OK" --color GREEN fi - # CVE-2014-7187 - logtext "Test: Check for CVE-2014-7187" + # CVE-2015-7187 + logtext "Test: Check for CVE-2015-7187" echo "((for x in {1..200}; do echo \"for x$x in ; do :\"; done; for x in {1..200}; do echo done; done) | bash || echo \"vulnerable\") | grep 'vulnerable'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to CVE-2014-7187" - Display --indent 2 --text "- Shellshock: CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED + logtext "Result: Vulnerable to CVE-2015-7187" + Display --indent 2 --text "- Shellshock: CVE-2015-7187 nested loops off by one bug" --result "WARNING" --color RED FOUND=1 else - logtext "Result: Not vulnerable to CVE-2014-7187" - #Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN + logtext "Result: Not vulnerable to CVE-2015-7187" + #Display --indent 4 --text "- CVE-2015-7187 nested loops off by one bug" --result "OK" --color GREEN fi - # CVE-2014-//// + # CVE-2015-//// logtext "Test: Check for bug Exploit #3 - shellshocker.net (no CVE)" echo "env X=' () { }; echo hello' bash -c 'date'| grep 'hello'" > ${SHELLSHOCK_TMP} VULNERABLE=`${FIND} ${SHELLSHOCK_TMP} 2> /dev/null` rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)" + logtext "Result: Vulnerable to CVE-2015-//// (exploit #3 on shellshocker.net)" Display --indent 2 --text "- Shellshock: Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED FOUND=1 else @@ -359,4 +359,4 @@ wait_for_keypress # #================================================================================ -# Lynis - Copyright 2007-2014, CISOfy & Michael Boelen - http://cisofy.com - The Netherlands +# Lynis - Copyright 2007-2015, CISOfy & Michael Boelen - http://cisofy.com - The Netherlands |