Sample Header Ad - 728x90

Inconsistent shellshock exploitation

0 votes
1 answer
360 views
bash shellshock vulnerability
I am trying to demonstrate the shellshock vulnerability according to the commands posted [here](https://serverfault.com/questions/631257/how-to-test-if-my-server-is-vulnerable-to-the-shellshock-bug) . I have taken two systems under consideration: the first one has a vulnerable bash in $PATH; the other has a patched version of bash in $PATH, and a "supposedly vulnerable" version in /opt/vulnerable, that has been compiled from source. On the **first system**, I am able to successfully exploit the bug: $ bash --version GNU bash, version 4.1.2(1)-release (i386-redhat-linux-gnu) [...] $ cat env x='() { :;}; echo vulnerable' bash -c "echo this is a test" > EOM vulnerable this is a test On the **second system**, as described above, there is a patched bash in $PATH and a recently (as in a few hours ago) compiled from source version of bash in /opt/vulnerable that should be vulnerable: $ bash --version GNU bash, version 4.3.11(1)-release (i686-pc-linux-gnu) [...] $ /opt/vulnerable/bin/bash GNU bash, version 4.1.0(1)-release (i686-pc-linux-gnu) [...] I'm passing these commands through the default version to the vulnerable version, and I'm unable to exploit it: $ cat env x='() { :;}; echo vulnerable' bash -c "echo this is a test" > EOM this is a test I've also tried using [this](https://github.com/wreiske/shellshocker/blob/master/shellshock_test.sh) script for testing, but it fails to detect any vulnerability. (The command has been issued from the default, patched shell): $ /opt/vulnerable/bin/bash shellshock_test.sh CVE-2014-6271 (original shellshock): not vulnerable CVE-2014-6277 (segfault): not vulnerable CVE-2014-6278 (Florian's patch): not vulnerable CVE-2014-7169 (taviso bug): not vulnerable CVE-2014-7186 (redir_stack bug): not vulnerable CVE-2014-7187 (nested loops off by one): not vulnerable CVE-2014-//// (exploit 3 on http://shellshocker.net/) : not vulnerable Am I doing something wrong here? Or have all bash sources archives on ftp.gnu.org have been patched against this vulnerability?
Asked by user48923
Nov 18, 2015, 04:02 PM
Last activity: Nov 19, 2015, 12:00 AM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Unix & Linux Stack Exchange

More questions tagged "bash"
More questions tagged "shellshock"
More questions tagged "vulnerability"
Footer Ad - 728x90