bash vulnerability detection several methods-vulnerability warning-the black bar safety net

2015-02-10T00:00:00
ID MYHACK58:62201558967
Type myhack58
Reporter 佚名
Modified 2015-02-10T00:00:00

Description

You can use the following command to check the system for the existence of this vulnerability in native Bash environment, run: the

Broken shells 1, CVE-2 0 1 4-6 2 7 1, Test Method: env x='() { :;}; echo vulnerable' bash-c "echo this is a test" Such as the implementation of the following results indicates that there are vulnerabilities: vulnerable this is a test Break the shell 1 is after repair, has been bypassed, there has been a broken shell of 2.

Broken shell 2, The CVE-2 0 1 4-7 1 6 9, test methods: env-i X='() { (a)=>\' bash-c 'echo date'; cat echo As the implementation results are as follows then there are still vulnerabilities: bash: X: line 1: syntax error near unexpected token =' bash: X: line 1: bash: error importing function definition for `X' Wed Sep 2 4 1 4:1 2:4 9 PDT 2 0 1 4

[1] [2] [3] next