ShellShock Vulnerability Detection Script
Description
bashcheck is a script for detecting the ShellShock vulnerability.
Usage
Download:
wget https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck
Run the check:
bash bashcheck
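The output is shown in the figure below.
About ShellShock: CVE-2014-6271
A Linux security vulnerability said to be even more serious than "Heartbleed" has been discovered. Although no attacks exploiting it have been observed yet, it is easier to exploit than Heartbleed, which makes it more dangerous.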
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
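The behaviour in the CVE text above (code after a function definition in an environment value runs when Bash starts) can be checked locally. The following is an added example, not bashcheck's own code; the function names, marker string and exit-code convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local probe for CVE-2014-6271 (not taken from bashcheck).
# Names, marker and return codes below are illustrative assumptions.

MARKER="CVE_2014_6271_TRAILING_CODE_RAN"

# check_cve_2014_6271 [path-or-name-of-bash]
# Returns 0 = vulnerable, 1 = not vulnerable, 2 = binary not found.
check_cve_2014_6271() {
    bash_bin="${1:-bash}"
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        return 2
    fi

    # A value shaped like an exported function, followed by a trailing
    # command. A patched Bash treats it as an ordinary string.
    probe="() { :; }; echo $MARKER"

    # The command run by -c is a no-op, so any output can only come from
    # Bash evaluating the environment while it starts up.
    out=$(env "probe_var=$probe" "$bash_bin" -c ':' 2>/dev/null)

    case "$out" in
        *"$MARKER"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# report [path-or-name-of-bash]: print a one-word verdict for humans.
report() {
    rc=0
    check_cve_2014_6271 "$1" || rc=$?
    case "$rc" in
        0) echo "vulnerable" ;;
        1) echo "not vulnerable" ;;
        *) echo "bash not found" ;;
    esac
}

report "${1:-bash}"
```

This covers only the original CVE-2014-6271 case described above; a "not vulnerable" result says nothing about other Bash parser bugs.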
For more information, see: ShellShock - Wikipedia (continuously updated)