[SHLL-6290] Removed ShellShock test as it is no longer needed - CVE-2017-8108

author: Michael Boelen <michael.boelen@cisofy.com> 2017-05-03 10:33:40 +0300
committer: Michael Boelen <michael.boelen@cisofy.com> 2017-05-03 10:33:40 +0300
commit: 67333bb09a03b08085015daf4bce90ed5c86cc0b (patch)
tree: c7dc1f7a84b2e3b132c3232737f64eab134560b0 /include/tests_shells
parent: 9e10fdfbc809977cd8ebc15b34862fde8e1c2e32 (diff)
1 files changed, 0 insertions, 127 deletions
diff --git a/include/tests_shells b/include/tests_shells
index d79560e9..628fa4c9 100644
--- a/include/tests_shells
+++ b/include/tests_shells
@@ -264,133 +264,6 @@
 #
 #################################################################################
 #
-    # Test        : SHLL-6290
-    # Description : Check for Shellshock vulnerability
-    # TODO remove this test?
-    Register --test-no SHLL-6290 --weight H --network NO --category security --description "Perform Shellshock vulnerability tests"
-    if [ ${SKIPTEST} -eq 0 ]; then
-        FOUND=0
-        x=""
-        #Display --indent 2 --text "- Testing for Shellshock vulnerability"
-        LogText "Test: Check if bash is in the list of shells."
-        if [ -f /etc/shells ]; then
-            LogText "Test: checking for bash shell in /etc/shells"
-            FIND=$(${EGREPBINARY} '(/usr)?(/local)?/bin/bash' /etc/shells | ${GREPBINARY} -v "^#" | head -1)
-        else
-            LogText "Test: checking if bash is available via which command"
-            FIND=$(which bash 2> /dev/null | grep -v "no [^ ]* in " | head -1)
-        fi
-
-        LogText "Result: command revealed ${FIND} as output"
-        if [ ! -z "${FIND}" ]; then
-            if [ -x "${FIND}" -a ! -L "${FIND}" ]; then
-                LogText "Result: found ${FIND} as a valid shell"
-                CreateTempFile || ExitFatal
-                SHELLSHOCK_TMP="${TEMP_FILE}"
-
-                # CVE-2014-6271
-                LogText "Test: Check for first exploit (CVE-2014-6271)"
-                echo "env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c \"echo test\" 2>&1 | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
-                VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
-                rm -f ${SHELLSHOCK_TMP}
-                if [ ! -z "${VULNERABLE}" ]; then
-                    LogText "Output: ${VULNERABLE}"
-                    LogText "Result: Vulnerable to original shellshock (CVE-2014-6271)"
-                    Display --indent 2 --text "- Shellshock: CVE-2014-6271 (original shellshocker)" --result "${STATUS_WARNING}" --color RED
-                    FOUND=1
-                else
-                    LogText "Result: Not vulnerable to original shellshock (CVE-2014-6271)"
-                fi
-
-                # CVE-2014-6277 (disabled, as this test was giving too much false positives)
-
-                # CVE-2014-6278
-                LogText "Test: Check for CVE-2014-6278"
-                echo "shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
-                VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
-                rm -f ${SHELLSHOCK_TMP}
-                if [ ! -z "${VULNERABLE}" ]; then
-                    LogText "Output: ${VULNERABLE}"
-                    LogText "Result: Vulnerable to CVE-2014-6278"
-                    Display --indent 2 --text "- Shellshock: CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "${STATUS_WARNING}" --color RED
-                    FOUND=1
-                else
-                    LogText "Result: Not vulnerable to CVE-2014-6278"
-                fi
-
-                # CVE-2014-7169
-                LogText "Test: Check for taviso bug CVE-2014-7169"
-                echo "(cd /tmp; rm -f /tmp/echo; env X='() { (a)=>\' bash -c "echo echo nonvuln" 2>/dev/null; [[ \"\$(cat echo 2> /dev/null)\" == \"nonvuln\" ]] && echo \"vulnerable\" 2> /dev/null) | ${GREPBINARY} '   vulnerable'" > ${SHELLSHOCK_TMP}
-                VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
-                rm -f ${SHELLSHOCK_TMP}
-                if [ ! "${VULNERABLE}" = "" ]; then
-                    LogText "Output: ${VULNERABLE}"
-                    LogText "Result: Vulnerable to taviso bug (CVE-2014-7169)"
-                    Display --indent 2 --text "- Shellshock: CVE-2014-7169 (taviso bug)" --result "${STATUS_WARNING}" --color RED
-                    FOUND=1
-                else
-                    LogText "Result: Not vulnerable to taviso bug (CVE-2014-7169)"
-                fi
-
-                # CVE-2014-7186
-                LogText "Test: Check for CVE-2014-7186"
-                echo "(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null || echo \"vulnerable\") | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
-                VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
-                rm -f ${SHELLSHOCK_TMP}
-                if [ ! "${VULNERABLE}" = "" ]; then
-                    LogText "Output: ${VULNERABLE}"
-                    LogText "Result: Vulnerable to CVE-2014-7186"
-                    Display --indent 2 --text "- Shellshock: CVE-2014-7186 redir_stack bug" --result "${STATUS_WARNING}" --color RED
-                    FOUND=1
-                else
-                    LogText "Result: Not vulnerable to CVE-2014-7186"
-                fi
-
-                # CVE-2014-7187
-                LogText "Test: Check for CVE-2014-7187"
-                echo "((for x in {1..200}; do echo \"for x$x in ; do :\"; done; for x in {1..200}; do echo done; done) | bash || echo \"vulnerable\") | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
-                VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
-                rm -f ${SHELLSHOCK_TMP}
-                if [ ! "${VULNERABLE}" = "" ]; then
-                    LogText "Output: ${VULNERABLE}"
-                    LogText "Result: Vulnerable to CVE-2014-7187"
-                    Display --indent 2 --text "- Shellshock: CVE-2014-7187 nested loops off by one bug" --result "${STATUS_WARNING}" --color RED
-                    FOUND=1
-                else
-                    LogText "Result: Not vulnerable to CVE-2014-7187"
-                fi
-
-                # CVE-2014-////
-                LogText "Test: Check for bug Exploit #3 - shellshocker.net (no CVE)"
-                echo "env X=' () { }; echo hello' bash -c 'date'| ${GREPBINARY} 'hello'" > ${SHELLSHOCK_TMP}
-                VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
-                rm -f ${SHELLSHOCK_TMP}
-                if [ ! -z "${VULNERABLE}" ]; then
-                    LogText "Output: ${VULNERABLE}"
-                    LogText "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)"
-                    Display --indent 2 --text "- Shellshock: Exploit #3 on shellshocker.net (no CVE)" --result "${STATUS_WARNING}" --color RED
-                    FOUND=1
-                else
-                    LogText "Result: Not vulnerable to exploit #3 on shellshocker.net (no CVE)"
-                fi
-            else
-                LogText "Result: bash binary found, but not executable, or it is symlinked"
-            fi
-        else
-            LogText "Result: could not find bash to be a valid shell"
-        fi
-
-        if [ ${FOUND} -eq 1 ]; then
-            ReportWarning ${TEST_NO} "System vulnerable to Shellshock (bash)"
-            AddHP 0 25
-        else
-            AddHP 5 5
-        fi
-        unset x
-    fi
-#
-#################################################################################
-#
 
 Report "session_timeout_enabled=${IDLE_TIMEOUT}"
author	Michael Boelen <michael.boelen@cisofy.com>	2017-05-03 10:33:40 +0300
committer	Michael Boelen <michael.boelen@cisofy.com>	2017-05-03 10:33:40 +0300
commit	67333bb09a03b08085015daf4bce90ed5c86cc0b (patch)
tree	c7dc1f7a84b2e3b132c3232737f64eab134560b0 /include/tests_shells
parent	9e10fdfbc809977cd8ebc15b34862fde8e1c2e32 (diff)