CVE-2014-7169 PoC — GNU Bash 操作系统命令注入漏洞

Source

https://github.com/gina-alaska/bash-cve-2014-7169-cookbook

Associated Vulnerability

Title:GNU Bash 操作系统命令注入漏洞 (CVE-2014-7169)
Description:GNU Bash是美国软件开发者布莱恩-福克斯（Brian J. Fox）为GNU计划而编写的一个Shell（命令语言解释器），它运行于类Unix操作系统中（Linux系统的默认Shell），并能够从标准输入设备或文件中读取、执行命令，同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3 bash43-025及之前版本中存在安全漏洞，该漏洞源于程序没有正确处理环境变量值内的畸形函数定义。远程攻击者可借助特制的环境变量利用该漏洞写入文件。以下产品和模块受到影响：OpenSSH sshd中的Fo

Readme

# bash-cve-2014-7169-cookbook

Ensures bash 'shellshock' vulnerability is patched.  Based on blog post written by Julian Dunn @ Chef
https://www.chef.io/blog/2014/09/30/detecting-repairing-shellshock-with-chef/

File Snapshot


 [4.0K]  /data/pocs/33563334422b4345a3cf1d3dc8a74aebd5b1eb18
├── [  78]  Berksfile
├── [ 109]  CHANGELOG.md
├── [ 960]  chefignore
├── [4.0K]  files
│   ├── [4.0K]  centos-5
│   │   └── [1.9K]  CentOS-Base.repo
│   ├── [4.0K]  centos-6
│   │   └── [1.9K]  CentOS-Base.repo
│   ├── [4.0K]  centos-7
│   │   └── [1.6K]  CentOS-Base.repo
│   ├── [4.0K]  default
│   │   └── [4.0K]  plugins
│   │       └── [1.3K]  remediate-shellshock.rb
│   └── [4.0K]  redhat-6
│       └── [1.9K]  CentOS-Base.repo
├── [ 449]  Gemfile
├── [ 552]  LICENSE
├── [ 315]  metadata.rb
├── [ 211]  README.md
├── [4.0K]  recipes
│   ├── [ 483]  bash.rb
│   ├── [ 722]  default.rb
│   └── [  86]  ohai.rb
├── [ 241]  Thorfile
└── [3.2K]  Vagrantfile

8 directories, 17 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!