Have a look at the script https://github.com/hannob/bashcheck/blob/master/bashcheck; it seems to me it covers all known Shellshock CVEs.

On Mon, Sep 29, 2014 at 4:13 AM, Mark Casey <[email protected]> wrote:
> Thanks to both for the suggestions.
>
> Mark
>
> On Sunday, September 28, 2014 3:40:37 AM UTC-5, Igor Khomyakov wrote:
>>
>> Absolutely, it fit perfectly.
>>
>> -- Best, Igor
>>
>> On Sep 27, 2014, at 18:18, "Michael DeHaan" <[email protected]> wrote:
>>>
>>> I'm a big fan of the "script" module when you need to push and run a tiny
>>> shell script.
>>>
>>> http://docs.ansible.com/script_module.html
>>>
>>> On Sat, Sep 27, 2014 at 3:04 AM, Igor Homyakov <[email protected]> wrote:
>>>>
>>>> Hi Mark,
>>>>
>>>> I think it is not a good idea to use a one-liner like that. There are
>>>> many players besides the bash interpreter: the YAML parser, Python string
>>>> quoting and so forth. I would recommend that you use a bash script
>>>> in this case.
>>>>
>>>> I've made a simple role; it is based on the code samples you provided. I
>>>> hope you will find it useful:
>>>> https://github.com/hostmaster/check_shellshock
>>>>
>>>> -- Best, Igor
>>>>
>>>> On Sat, Sep 27, 2014 at 6:02 AM, Mark Casey <[email protected]> wrote:
>>>> > Oh... the official source of the commands was:
>>>> > https://access.redhat.com/articles/1200223, but someone was nice enough to
>>>> > combine them in:
>>>> > https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c47
>>>> >
>>>> > On Friday, September 26, 2014 9:00:57 PM UTC-5, Mark Casey wrote:
>>>> >>
>>>> >> I'm trying to write an Ansible task to check for both CVE-2014-6271 and
>>>> >> CVE-2014-7169 as I haven't been able to find one pre-made.
>>>> >>
>>>> >> This command should check both but for the life of me I can't get the
>>>> >> escaped single quote past the parser... I've tried some variants of
>>>> >> "shell: >" and "shell: |" but no dice.
>>>> >>
>>>> >>> - name: Check for shellshock fix (checks for both CVE-2014-6271 and CVE-2014-7169)
>>>> >>>   shell: cd /tmp && rm -f /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (a)=>\' bash -c 'echo echo vulnerable'; cat echo
>>>> >>>   args:
>>>> >>>     executable: /bin/bash
>>>> >>>   sudo: no
>>>> >>>   register: shellshock_result2
>>>> >>>   changed_when: False
>>>> >>>   failed_when: "'vulnerable' in shellshock_result2.stderr"
>>>> >>
>>>> >> This version gives:
>>>> >>
>>>> >>> ERROR: There was an error while parsing the task "shell cd /tmp && rm -f /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (a)=>\\' bash -c 'echo echo vulnerable'; cat echo".
>>>> >>> Make sure quotes are matched or escaped properly
>>>> >>
>>>> >> I'm assuming the issue is that, if I understand correctly, the second
>>>> >> exploit partly depends on the mismatched quote arriving unharmed(?) and YAML
>>>> >> thinks that is bad(?).
>>>> >>
>>>> >> Anyone have any ideas or should I just copy it over as a script and run
>>>> >> that?
>>>> >>
>>>> >> Thank you,
>>>> >> Mark
>>>> >
>>>> > --
>>>> > You received this message because you are subscribed to the Google Groups
>>>> > "Ansible Project" group.
>>>> > To unsubscribe from this group and stop receiving emails from it, send an
>>>> > email to [email protected].
>>>> > To post to this group, send email to [email protected].
>>>> > To view this discussion on the web visit
>>>> > https://groups.google.com/d/msgid/ansible-project/c40d456b-8d1b-40f4-b0a5-95ce4cebe359%40googlegroups.com.
>>>> > For more options, visit https://groups.google.com/d/optout.
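
One way to package the check as a standalone script for the `script` module suggested in the thread (an added example, not code from the thread or from the linked repositories). It reuses the two test strings quoted above; the function names and the private `mktemp -d` directory, used in place of the fixed `/tmp/echo` path, are choices made here.

```shell
#!/bin/sh
# Added example: local Shellshock check meant to be pushed with Ansible's
# script module. The two test strings are the ones quoted in the thread;
# function names and the mktemp working directory are choices made here.

# CVE-2014-6271: a vulnerable bash runs the code trailing the function body.
check_6271() {
    out=$(env 'x=() { :;}; echo vulnerable' "$1" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo ok ;;
    esac
}

# CVE-2014-7169: a vulnerable bash creates a file named "echo" in the cwd.
# A private directory replaces the thread's "cd /tmp && rm -f /tmp/echo",
# so nothing in a shared /tmp is deleted or trusted.
check_7169() {
    dir=$(mktemp -d) || { echo error; return; }
    ( cd "$dir" && env 'f=() { (a)=>\' "$1" -c 'echo echo vulnerable' ) >/dev/null 2>&1
    if [ -e "$dir/echo" ]; then res=vulnerable; else res=ok; fi
    rm -rf "$dir"
    echo "$res"
}

# Prints one word and returns non-zero when a check reports vulnerable (1)
# or could not run (2), so the task needs no failed_when expression.
shellshock_status() {
    bash_path=${1:-/bin/bash}
    if [ ! -x "$bash_path" ]; then echo nobash; return 0; fi
    for t in 6271 7169; do
        case "$(check_$t "$bash_path")" in
            vulnerable) echo "CVE-2014-$t"; return 1 ;;
            error)      echo error; return 2 ;;
        esac
    done
    echo ok
}

shellshock_status "${1:-/bin/bash}"
```

Because the script lives in its own file, the single quotes and the trailing backslash never pass through the YAML or task-argument parsers. With Ansible it would be run as `script: check_shellshock.sh` (file name hypothetical), keeping `changed_when: False` from the original task.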
