Redhat / Centos ShellShock remediation

I realize it's old info now but I'm posting this for my own reference.  This info was gleaned from other sites.  I adapted the tests to display results in color.  Hey I'm old, it helps to see things  :-)

The tests are listed as Redhat or Centos but the same script should work on any version of Linux and probably Unix as well.

BASH ShellShock Remediation

Redhat/Centos version:
cat /etc/redhat-release

BASH version:
bash -version 
   Or
rpm -qa | grep bash

Test: 
clear;env x="() { :;}; echo -e '\033[1;31mVULNERABLE\033[0m'" "BASH_FUNC_x()=() { :;}; echo VULNERABLE" bash -c " echo -ShellShock-Test-"
   Or
clear;env X="() { :;} ; echo -e '\033[1;31mVULNERABLE\033[0m'" /bin/sh -c "echo -ShellShock-Test-"

Result before patching:
VULNERABLE
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo VULNERABLE'
bash: error importing function definition for `BASH_FUNC_x'
-ShellShock-Test-
    Or
VULNERABLE
-ShellShock-Test-

Remediation:
yum update bash

Result after patching:
bash: warning: X: ignoring function definition attempt
bash: error importing function definition for `X'
-ShellShock-Test-
   Or
-ShellShock-Test-

Comments

Post a Comment

Popular posts from this blog

How to use PowerShell to find what computer a user is CURRENTLY logged into.

I recently had an issue where I needed the ability to identify the PC(s) where a user was logged into.  I found part of the answer here:  http://deployhappiness.com/find-out-what-computer-a-user-logged-into/#comment-5068 I won't reprint it here but the jist is by using a logon/logoff VB script, and a GPO, you can populate a field in the Active Directory record of each PC in a domain. That part works really well.  After that you would need to search AD for the username to identify the PC. What I've done is created a PowerShell script with a GUI to do it for you.  Now, it's not finished yet, but it does work.  The code below is dirty and as soon as I get it the way I want I'll update this posting, but for now, it works pretty well.  Don't complain about bugs,I know it has them, I'm working on it.  And, yes, I have no doubt some things could be done better or more efficiently, feel free to post improvements. What it has (or will have): Self re...
Read more

New script storage location

It's been a while since I posted anything here.  My new job has been keeping me extremely busy and yet I keep tweaking my scripts.   I have some new ones I want to get posted as well and I've started posting my scripts on Github at  https://github.com/kcmazie  rather than trying to get them to "look right" here.  I'll continue to move them over there as I get time. To facilitate Google indexing I'm posting direct links here... https://github.com/kcmazie/ADAccountDeactivator  https://github.com/kcmazie/AuditLocalAdmins https://github.com/kcmazie/AutoCert https://github.com/kcmazie/CredentialsWithKey https://github.com/kcmazie/Datastore-Tracker https://github.com/kcmazie/DefaultSig https://github.com/kcmazie/DiskCleanup https://github.com/kcmazie/DNSValidator https://github.com/kcmazie/DomainDiskReport https://github.com/kcmazie/DomainPurge https://github.com/kcmazie/FixUnquotedServicePaths https://github.com/kcmazie/GPO-Backup https://github.com/kcmazie...
Read more
I just ran into a case where I needed to remove the PC side client from BMC TrackIt! from an entire domain.  I created a little script to do it for me.  It happily ran through and removed it from every workstation.  It's quick and dirty but it does work. clear-host function Run-RemoteCMD {     param (     [Parameter(Mandatory = $true ,valuefrompipeline = $true )]     [ string ] $computer ,     [ string ] $command     )     begin {     #$computer         #$command = "ipconfig /registerdns" #Read-Host " Enter command to run"         [ string ] $cmd = "CMD.EXE /C " + $command                         }     process {    ...
Read more