Bash Vulnerability Detection Methods
You can run the following command to check whether the system has this vulnerability (running in the local Bash environment ):
Shell 1, CVE-2014-6271, Test method:
Env x = '() {:;}; echo vulnerable' bash-c "echo this is a test"
If the execution result is as follows, the vulnerability exists:
Vulnerable
This is a test
After the shell 1 is repaired, It is bypassed and Shell 2 appears.
Shell 2, CVE-2014-7169, Test method:
Env-I X = '() {(a) => \ 'bash-C' echo date'; cat echo
If the execution result is as follows, the vulnerability still exists:
Bash: X: line 1: syntax error near unexpected token '='
Bash: X: line 1 :''
Bash: error importing function definition for 'X'
Wed Sep 24 14:12:49 PDT 2014
In addition to the two most concerned shell CVE, we also saw several others on shellshocket.net. In contrast, the impact will be much smaller. Here is a simple description:
Shell 3, CVE unknown, Test method:
Env X = '() {}; echo vulnerable 'bash-C' date'
If the above command output "vulnerable", it means there is a vulnerability.
This is very similar to Shell 1, without CVE.
Shell 4, CVE-2014-7186, Test method:
Bash-c 'true <EOF <EOF <EOF '| echo "CVE-2014-7186 vulnerable, redir_stack"
If the above command output "CVE-2014-7186 vulnerable, redir_stack", it means there is a vulnerability.
Shell 5, CVE-2014-7187, Test method:
(For x in {1 .. 200}; do echo "for x $ x in; do:"; done; for x in {1 .. 200}; do echo done; done) | bash | echo "CVE-2014-7187 vulnerable, word_lineno"
If the above command output "CVE-2014-7187 vulnerable, word_lineno", it means there is a vulnerability.
Shell 6, CVE-2014-6278, Test method:
Shellshocker = '() {echo vulnerable;}' bash-c shellshocker
If the above command outputs "vulnerable", it means a vulnerability exists. Otherwise, the system prompts shellshocker that the command is not found.
This is more like the bash feature and is actually a vulnerability.
Shell 7, CVE-2014-6277, Test method:
Bash-c "f () {x () {_ ;}; x () {_ ;}< <a ;}" 2>/dev/null | echo vulnerable
If the above command output "vulnerable", it means there is a vulnerability.