Created
September 30, 2014 07:34
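Remember to update your docker images too! A locally cached image keeps the bash it was built with: in the session below, the cached debian image still fails the CVE-2014-6271 and CVE-2014-7169 checks, and only passes them after `docker pull debian` fetches the rebuilt image.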
❯ docker run --rm -i -t debian /bin/bash | |
root@bafbca8fc9af:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("^C | |
root@bafbca8fc9af:/# | |
root@bafbca8fc9af:/# | |
root@bafbca8fc9af:/# | |
root@bafbca8fc9af:/# exit | |
❯ docker run --rm -i -t debian /bin/bash | |
root@feff7506db14:/# # test CVE-2014-6271 | |
root@feff7506db14:/# env x='() { :;}; echo vulnerable' bash -c echo | |
vulnerable | |
root@feff7506db14:/# # and CVE-2014-7169 | |
root@feff7506db14:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :(" | |
bash: X: line 1: syntax error near unexpected token `=' | |
bash: X: line 1: `' | |
bash: error importing function definition for `X' | |
still vulnerable :( | |
root@feff7506db14:/# exit | |
❯ docker pull debian | |
Pulling repository debian | |
e565fbbc6033: Download complete | |
d56191e18d6b: Download complete | |
99bedb6181f9: Download complete | |
4bd5c5167d87: Download complete | |
186c653f407d: Download complete | |
00abb8b6d294: Download complete | |
fd10997380bc: Download complete | |
b5fe16f2ccba: Download complete | |
acaac612a9c7: Download complete | |
fee2ea4e24af: Download complete | |
064abb0b74c0: Download complete | |
06af7ad6cff1: Download complete | |
147ad610cb86: Download complete | |
8f7a4d0a4823: Download complete | |
a858b759e896: Download complete | |
511136ea3c5a: Download complete | |
0ced2657081d: Download complete | |
6bd9887df924: Download complete | |
1da500df1fa5: Download complete | |
fc771a104334: Download complete | |
b25c4c583304: Download complete | |
405cce5cd17d: Download complete | |
1f2439448d81: Download complete | |
584162d19e17: Download complete | |
5ac533fe7902: Download complete | |
09dea90e78b7: Download complete | |
532d5076717c: Download complete | |
ad261d40b2ab: Download complete | |
ec3443b7b068: Download complete | |
6c0d4e997980: Download complete | |
92fe4e96d58f: Download complete | |
❯ docker run --rm -i -t debian /bin/bash | |
root@7dc5d6e7324a:/# # test CVE-2014-6271 | |
root@7dc5d6e7324a:/# env x='() { :;}; echo vulnerable' bash -c echo | |
root@7dc5d6e7324a:/# # and CVE-2014-7169 | |
root@7dc5d6e7324a:/# env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :(" | |
echo vuln | |
cat: echo: No such file or directory | |
root@7dc5d6e7324a:/# exit |