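Summary of bash vulnerabilities (ShellShock)
This page summarizes the bash vulnerabilities (ShellShock) that have been found and fixed so far: how to determine whether a given bash is affected, and which patch version fixes each one.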
CVE-2014-6271
How to check
$ env x='() { :;}; echo vulnerable' ./bash -c "echo this is a test"
[NG pattern]
vulnerable
this is a test
[OK pattern]
./bash: warning: x: ignoring function definition attempt
./bash: error importing function definition for `x'
this is a test
or
No output.
Fix patches
- bash43-025
- bash42-048
- bash41-012
- bash40-039
- bash32-052
- bash31-018
- bash30-017
- bash205b-008
CVE-2014-7169
How to check
$ env X='() { (a)=>\' ./bash -c "echo date"; cat echo
[NG pattern]
./bash: X: line 1: syntax error near unexpected token `='
./bash: X: line 1: `'
./bash: error importing function definition for `X'
Thu Oct 9 00:09:13 JST 2014
[OK pattern]
./bash: X: line 1: syntax error near unexpected token `='
./bash: X: line 1: `'
./bash: error importing function definition for `X'
date
cat: echo: No such file or directory
or
No output.
Fix patches
- bash43-026
- bash42-049
- bash41-013
- bash40-040
- bash32-053
- bash31-019
- bash30-018
- bash205b-009
CVE-2014-7186
How to check
$ ./bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'
[NG pattern]
Segmentation fault (core dumped)
[OK pattern]
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
or
No output.
Fix patches
- bash43-028
- bash42-051
- bash41-015
- bash40-042
- bash32-055
- bash31-021
- bash30-020
- bash205b-011
CVE-2014-7187
How to check
$ (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | ./bash
[NG pattern]
./bash: line 129: syntax error near `x129'
./bash: line 129: `for x129 in ; do :'
[OK pattern]
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | ./bash
or
No output.
Fix patches
- bash43-028
- bash42-051
- bash41-015
- bash40-042
- bash32-055
- bash31-021
- bash30-020
- bash205b-011
CVE-2014-6277
How to check
$ env 'BASH_FUNC_x%%=() { x() { _; }; x() { _; } <<a; }' ./bash -c ':'
[NG pattern]
Segmentation fault (core dumped)
[OK pattern]
./bash: warning: here-document at line 0 delimited by end-of-file (wanted `a')
or
No output.
Fix patches
- bash43-029
- bash42-052
- bash41-016
- bash40-043
- bash32-056
- bash31-022
- bash30-021
- bash205b-012
CVE-2014-6278
How to check
$ env 'BASH_FUNC_x%%=() { _; } >_[$($())] { echo hi mom; id; }' ./bash -c ':'
[NG pattern]
hi mom
uid=500(staff) gid=100(users) groups=100(users)
[OK pattern]
./bash: x: line 0: syntax error near unexpected token `{'
./bash: x: line 0: `x () { _; } >_[$($())] { echo hi mom; id; }'
./bash: error importing function definition for `x'
or
No output.
Fix patches
- bash43-030
- bash42-053
- bash41-017
- bash40-044
- bash32-057
- bash31-023
- bash30-022
- bash205b-013
Special notes
Applying the following security-hardening patches significantly mitigates the vulnerabilities.
- bash43-027
- bash42-050
- bash41-014
- bash40-041
- bash32-054
- bash31-020
- bash30-019
- bash205b-010
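
The fix-patch lists above follow one pattern: within each release series, the six fixes sit at fixed offsets from the CVE-2014-6271 patch. The sketch below is an added example, not part of the original page; it maps an upstream version string to the CVEs whose fix patch is not yet included, and the function names are hypothetical. It assumes an unmodified upstream build; vendor packages can carry backported fixes without changing the patch level, so on those the behavioural checks above decide.

```shell
#!/bin/sh
# Added example (not from the original page): which ShellShock CVEs are
# still unfixed for a given upstream bash version string, according to
# the patch lists on this page. Function names are hypothetical.

# Patch level of the CVE-2014-6271 fix for each release series.
base_patch() {
    case "$1" in
        4.3) echo 25 ;; 4.2) echo 48 ;; 4.1) echo 12 ;; 4.0) echo 39 ;;
        3.2) echo 52 ;; 3.1) echo 18 ;; 3.0) echo 17 ;; 2.05b) echo 8 ;;
        *) return 1 ;;   # series not listed on this page
    esac
}

# unfixed_cves VERSION
# Prints a space-separated CVE list, "none", or "unknown".
unfixed_cves() {
    ver=${1%%\(*}        # "4.3.27(1)-release" -> "4.3.27"
    series=${ver%.*}     # "4.3" (or "2.05b")
    level=${ver##*.}     # "27"
    case "$level" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    base=$(base_patch "$series") || { echo unknown; return 0; }
    out=""
    # offset-from-base:CVE pairs; offset 2 is the hardening patch
    # from the special notes and fixes no CVE of its own.
    for pair in 0:CVE-2014-6271 1:CVE-2014-7169 3:CVE-2014-7186 \
                3:CVE-2014-7187 4:CVE-2014-6277 5:CVE-2014-6278; do
        off=${pair%%:*}
        cve=${pair#*:}
        if [ "$level" -lt $((base + off)) ]; then
            out="$out $cve"
        fi
    done
    out=${out# }
    echo "${out:-none}"
}

# Report on the running shell when it is bash.
if [ -n "${BASH_VERSION:-}" ]; then
    echo "this shell ($BASH_VERSION): $(unfixed_cves "$BASH_VERSION")"
fi
```

An "unknown" result means the release series is not in the tables on this page, not that the binary is safe or unsafe.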