I’m trying to write an Ansible task to check for both CVE-2014-6271 and CVE-2014-7169 as I haven’t been able to find one pre-made.
This command should check both, but for the life of me I can't get the escaped single quote past the parser. I've tried some variants of `shell: >` and `shell: |`, but no dice.
```yaml
- name: Check for shellshock fix (checks for both CVE-2014-6271 and CVE-2014-7169)
  shell: cd /tmp && rm -f /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (a)=>\' bash -c 'echo echo vulnerable'; cat echo
  args:
    executable: /bin/bash
  sudo: no
  register: shellshock_result2
  changed_when: False
  # both probes print "vulnerable" on stdout (the 6271 echo directly, the 7169
  # one via "cat echo"); stderr only carries bash's warning on a patched build
  failed_when: "'vulnerable' in shellshock_result2.stdout"
```
This version gives:
```
ERROR: There was an error while parsing the task "shell cd /tmp && rm -f /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (a)=>\\' bash -c 'echo echo vulnerable'; cat echo". Make sure quotes are matched or escaped properly
```
I’m assuming the issue is that, if I understand correctly, the second exploit partly depends on the mismatched quote arriving unharmed(?) and YAML thinks that is bad(?).
Anyone have any ideas or should I just copy it over as a script and run that?
Thank you,
Mark
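The "copy it over as a script" route, as an added example that is not part of Mark's post or any Ansible project code: a standalone POSIX sh script that runs the two canonical probes and reports per CVE. The point it demonstrates is that in a plain script file the CVE-2014-7169 probe is an ordinary single-quoted literal ending in a backslash, so no YAML or Ansible argument parser ever has to cope with it. The function names (`check_6271`, `check_7169`, `shellshock_report`) are this example's own, and it assumes `env(1)` and `mktemp(1)` are available on the target; pushing it out with Ansible's `script` module is one way to run it, but that is not shown here.

```shell
#!/bin/sh
# Added example, not from the original post. Standalone Shellshock check for
# CVE-2014-6271 and CVE-2014-7169. Function names are this example's own.
# Assumes env(1) and mktemp(1) exist. Usage: shellshock.sh [path-to-bash]

# CVE-2014-6271: a vulnerable bash executes the command appended to the
# function body while importing it from the environment.
# Returns 0 when vulnerable, 1 otherwise.
check_6271() {
  out=$(env 'x=() { :;}; echo vulnerable' "$1" -c 'echo probe' 2>/dev/null)
  case $out in
    *vulnerable*) return 0 ;;
  esac
  return 1
}

# CVE-2014-7169: the incomplete definition leaves a dangling '>' in the
# parser, so the -c command is run as a redirection into a file named "echo"
# in the current directory. The probe is run in a private temp dir and the
# presence of that file is the verdict. The single-quoted literal below ends
# in a backslash on purpose; that is the exact byte sequence bash must see.
# Returns 0 when vulnerable, 1 otherwise, 2 if the temp dir could not be made.
check_7169() {
  tmp=$(mktemp -d) || return 2
  (
    cd "$tmp" || exit 2
    env 'x=() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1
    [ -f echo ]
  )
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Prints one line: "patched", "vulnerable: <cve list>" or "no-bash".
# Always returns 0 so it can be captured with $(...) under set -e.
shellshock_report() {
  bin=${1:-bash}
  if ! command -v "$bin" >/dev/null 2>&1; then
    echo no-bash
    return 0
  fi
  found=""
  check_6271 "$bin" && found="${found}CVE-2014-6271 "
  check_7169 "$bin" && found="${found}CVE-2014-7169 "
  if [ -n "$found" ]; then
    echo "vulnerable: ${found% }"
  else
    echo patched
  fi
  return 0
}

shellshock_report "$@"
```

Each probe is isolated in its own function so the script can be wired into an Ansible task with `failed_when` on a single word of output instead of on a grep through a compound command, and the 7169 probe cleans up the `echo` file it may create rather than relying on a preceding `rm -f /tmp/echo`.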