[+] Ghost.sh [+]

1. #!/bin/bash
2. #Version 3
3. #This script verifies the changelog of the glibc packages in the RPM database
4.  
5. echo "Installed glibc version(s)"
6.  
7. rv=0
8. for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
9.     glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' )
10.     glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }')
11.     glibc_min=$( echo "$glibc_ver" | awk -F. '{ print $2 }')
12.    
13.     echo -n "- $glibc_nvr: "
14.     if [ "$glibc_maj" -gt 2   -o  \
15.         \( "$glibc_maj" -eq 2  -a  "$glibc_min" -ge 18 \) ]; then
16.         # fixed upstream version
17.         echo 'not vulnerable'
18.     else
19.         # all RHEL updates include CVE in rpm %changelog
20.         if rpm -q --changelog "$glibc_nvr" | grep -q 'CVE-2015-0235'; then
21.             echo "not vulnerable"
22.         else
23.             echo "vulnerable"
24.             rv=1
25.         fi
26.     fi
27. done
28.  
29. if [ $rv -ne 0 ]; then
30.     cat <<EOF
31.  
32. This system is vulnerable to CVE-2015-0235.
33. Please refer to  for remediation steps
34. EOF
35. fi
36.  
37. exit $rv