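This site, Shellshocker – Repository of “Shellshock” Proof of Concept Code,
collects all of the currently known vulnerabilities related to vulnerable bash / Shellshock.
bashcheck, here, provides a ready-made script for checking.
There are no more patch packages left to update: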
CentOS release 6.5 (Final)
Linux XXX 2.6.32-431.5.1.el6.x86_64 #1 SMP Wed Feb 12 00:41:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
bash-4.1.2-15.el6_5.2.x86_64
But it still got hit by one!!! :(
Testing /bin/bash ...
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Variable function parser inactive, likely safe from unknown parser bugs
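To triage this kind of report across several hosts, the bashcheck output can be parsed into a per-CVE status. The following is an added example, not part of the original post or of bashcheck itself; the function names and status labels are assumptions, and the sample text is the output shown above.

```python
import re

# Sample input: the bashcheck output shown in this post, one result per line.
SAMPLE = """\
Testing /bin/bash ...
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)
Variable function parser inactive, likely safe from unknown parser bugs
"""

CVE = r"(CVE-\d{4}-\d+)"
# Status labels are hypothetical names chosen for this example.
PATTERNS = [
    ("not_vulnerable", re.compile(r"^Not vulnerable to " + CVE)),
    ("vulnerable", re.compile(r"^Vulnerable to " + CVE)),
    ("inconclusive", re.compile(r"^Test for " + CVE + r" not reliable")),
]

def parse_bashcheck(text):
    """Return {cve: status} for every result line recognised in the output."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                results[match.group(1)] = status
                break
    return results

def needs_action(results):
    """CVEs reported vulnerable, or whose test could not give a verdict."""
    return sorted(cve for cve, status in results.items()
                  if status != "not_vulnerable")

def parser_inactive(text):
    """True when bashcheck's 'Variable function parser inactive' line is present."""
    return "Variable function parser inactive" in text

if __name__ == "__main__":
    report = parse_bashcheck(SAMPLE)
    print("follow up on:", needs_action(report))
    print("function parser inactive:", parser_inactive(SAMPLE))
```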
Comments
https://en.wikipedia.org/wiki/Shellshock_(software_bug)