Skip to content

Instantly share code, notes, and snippets.

@kacy

kacy/gist:2b9408af04c71fab686e

Last active June 16, 2020 20:22
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save kacy/2b9408af04c71fab686e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save kacy/2b9408af04c71fab686e to your computer and use it in GitHub Desktop.
Download ZIP
CVE-2014-6271 fix for ubuntu bash
Raw
gistfile1.yml
---
- hosts: all
user: root
sudo: true
tasks:
- name: update apt
command: apt-get update
- name: update bash
command: apt-get --only-upgrade install bash
- name: check bash fix
command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
register: command_result
failed_when: "'error' not in command_result.stderr"
@jmserra
Copy link
Copy Markdown

jmserra commented Nov 7, 2014

As for the last task, you could use the shellshocker site script to easily check if all vulnerabilities were resolved by doing:

- name: check vulnerability status fix
  shell: curl https://shellshocker.net/shellshock_test.sh | bash
  register: command_result

- debug: var=command_result.stdout_lines

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment