Shellshock aka Bash Bug vulnerability was discovered just one week back and its growing day by day. Most of security researchers are aware of just two vulnerabilities related to shellshock or bash bug i.e. CVE-2014-6271 and CVE-2014-7169. But my friends there are lot more vulnerabilities that come under the scope of Shellshock bash bug. Today i will share complete list of vulnerabilities which are related to Shellshock bash bug. In our previous two articles, we have learned about basics of shellshock i.e. bash vulnerability and how to patch those. Today we will learn how to test all vulnerabilities related to Shellshock aka bash bug.
Shellshock Bash Bug Complete List of Vulnerabilities and Test String |
CVE-2014-6271:
env X='() { :; }; echo “CVE-2014-6271 vulnerable”‘ bash -c id
CVE-2014-7169 :
env X='() { (a)=>’ bash -c “echo date”; cat echo
CVE-2014-6277 :
foo='() { echo CVE-2014-6277 Vulnerable; }’ bash -c foo
CVE-2014-6278 :
foo='() { echo CVE-2014-6278 Vulnerable; }’ bash -c foo
CVE-2014-7186 :
bash -c ‘true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF’ || echo “CVE-2014-7186 vulnerable, redir_stack”
CVE-2014-7187 :
(for x in {1..200} ; do echo “for x$x in ; do :”; done; for x in {1..200} ; do echo done ; done) | bash || echo “CVE-2014-7187 vulnerable, word_lineno”
Leave a Reply