API tools faq
paste
Advertisement
Guest User

rhel-GHOST-test.sh

a guest
Jan 28th, 2015
329
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.35 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. # rhel-GHOST-test.sh -  GHOST vulnerability tester. Only for CentOS/RHEL based servers.  #
  3. # Credit : Red Hat, Inc - https://access.redhat.com/labs/ghost/ #
  4. vercomp () {
  5.     if [[ $1 == $2 ]]
  6.     then
  7.         return 0
  8.     fi
  9.     local IFS=.
  10.     local i ver1=($1) ver2=($2)
  11.     # fill empty fields in ver1 with zeros
  12.     for ((i=${#ver1[@]}; i<${#ver2[@]}; i++))
  13.     do
  14.         ver1[i]=0
  15.     done
  16.     for ((i=0; i<${#ver1[@]}; i++))
  17.     do
  18.         if [[ -z ${ver2[i]} ]]
  19.         then
  20.             # fill empty fields in ver2 with zeros
  21.             ver2[i]=0
  22.         fi
  23.         if ((10#${ver1[i]} > 10#${ver2[i]}))
  24.         then
  25.             return 1
  26.         fi
  27.         if ((10#${ver1[i]} < 10#${ver2[i]}))
  28.         then
  29.             return 2
  30.         fi
  31.     done
  32.     return 0
  33. }
  34.  
  35. glibc_vulnerable_version=2.17
  36. glibc_vulnerable_revision=54
  37. glibc_vulnerable_version2=2.5
  38. glibc_vulnerable_revision2=122
  39. glibc_vulnerable_version3=2.12
  40. glibc_vulnerable_revision3=148
  41. echo "Vulnerable glibc version <=" $glibc_vulnerable_version"-"$glibc_vulnerable_revision
  42. echo "Vulnerable glibc version <=" $glibc_vulnerable_version2"-"$glibc_vulnerable_revision2
  43. echo "Vulnerable glibc version <=" $glibc_vulnerable_version3"-1."$glibc_vulnerable_revision3
  44.  
  45. glibc_version=$(rpm -q glibc | awk -F"[-.]" '{print $2"."$3}' | sort -u)
  46. if [[ $glibc_version == $glibc_vulnerable_version3 ]]
  47. then
  48.     glibc_revision=$(rpm -q glibc | awk -F"[-.]" '{print $5}' | sort -u)
  49. else
  50.     glibc_revision=$(rpm -q glibc | awk -F"[-.]" '{print $4}' | sort -u)
  51. fi
  52. echo "Detected glibc version" $glibc_version" revision "$glibc_revision
  53.  
  54. vulnerable_text=$"This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/cve/CVE-2015-0235>
  55. Please refer to <https://access.redhat.com/articles/1332213> for remediation steps"
  56.  
  57. if [[ $glibc_version == $glibc_vulnerable_version ]]
  58. then
  59.     vercomp $glibc_vulnerable_revision $glibc_revision
  60. elif [[ $glibc_version == $glibc_vulnerable_version2 ]]
  61. then
  62.     vercomp $glibc_vulnerable_revision2 $glibc_revision
  63. elif [[ $glibc_version == $glibc_vulnerable_version3 ]]
  64. then
  65.     vercomp $glibc_vulnerable_revision3 $glibc_revision
  66. else
  67.     vercomp $glibc_vulnerable_version $glibc_version
  68. fi
  69.  
  70. case $? in
  71.     0) echo "$vulnerable_text";;
  72.     1) echo "$vulnerable_text";;
  73.     2) echo "Not Vulnerable.";;
  74. esac
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!