#!/bin/bash
[ -n "$1" ] && bash=$(which $1) || bash=$(which bash)
echo -e "\\033[95mTesting $bash ..."
echo $($bash --version | head -n 1)
echo -e "\\033[39m"
r=`env x="() { :; }; echo x" $bash -c "" 2>/dev/null`
if [ -n "$r" ]; then
echo -e \'\\033[91mVulnerable to CVE-2014-6271 (original shellshock)\\033[39m\'
else
echo -e \'\\033[92mNot vulnerable to CVE-2014-6271 (original shellshock)\\033[39m\'
fi
cd /tmp;rm echo 2>/dev/null
env x=\'() { function a a>\\\' $bash -c echo 2>/dev/null > /dev/null
if [ -e echo ]; then
echo -e "\\033[91mVulnerable to CVE-2014-7169 (taviso bug)\\033[39m"
else
echo -e "\\033[92mNot vulnerable to CVE-2014-7169 (taviso bug)\\033[39m"
fi
$($bash -c "true $(printf \'<<EOF %.0s\' {1..80})" 2>/tmp/bashcheck.tmp)
ret=$?
grep -q AddressSanitizer /tmp/bashcheck.tmp
if [ $? == 0 ] || [ $ret == 139 ]; then
echo -e "\\033[91mVulnerable to CVE-2014-7186 (redir_stack bug)\\033[39m"
else
echo -e "\\033[92mNot vulnerable to CVE-2014-7186 (redir_stack bug)\\033[39m"
fi
$bash -c "`for i in {1..200}; do echo -n "for x$i in; do :;"; done; for i in {1..200}; do echo -n "done;";done`" 2>/dev/null
if [ $? != 0 ]; then
echo -e "\\033[91mVulnerable to CVE-2014-7187 (nested loops off by one)\\033[39m"
else
echo -e "\\033[96mTest for CVE-2014-7187 not reliable without address sanitizer\\033[39m"
fi
$($bash -c "f(){ x(){ _;};x(){ _;}<<a;}" 2>/dev/null)
if [ $? != 0 ]; then
echo -e "\\033[91mVulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]\\033[39m"
else
echo -e "\\033[92mNot vulnerable to CVE-2014-6277 (lcamtuf bug #1)\\033[39m"
fi
if [ -n "$(env x=\'() { _;}>_[$($())] { echo x;}\' $bash -c : 2>/dev/null)" ]; then
echo -e "\\033[91mVulnerable to CVE-2014-6278 (lcamtuf bug #2) [no prefix/suffix]\\033[39m"
elif [ -n "$(env BASH_FUNC_x%%=\'() { _;}>_[$($())] { echo x;}\' $bash -c : 2>/dev/null)" ]; then
echo -e "\\033[91mVulnerable to CVE-2014-6278 (lcamtuf bug #2) [prefix/%%-suffix]\\033[39m"
elif [ -n "$(env \'BASH_FUNC_x()\'=\'() { _;}>_[$($())] { echo x;}\' $bash -c : 2>/dev/null)" ]; then
echo -e "\\033[91mVulnerable to CVE-2014-6278 (lcamtuf bug #2) [prefix/()-suffix]\\033[39m"
else
echo -e "\\033[92mNot vulnerable to CVE-2014-6278 (lcamtuf bug #2)\\033[39m"
fi
r=`a="() { echo x;}" $bash -c a 2>/dev/null`
if [ -n "$r" ]; then
echo -e "\\033[93mVariable function parser still active, maybe vulnerable to unknown parser bugs\\033[39m"
else
echo -e "\\033[92mVariable function parser inactive, likely safe from unknown parser bugs\\033[39m"
fi