CVE-2014-7186 #22
CVE-2014-7186/exploit.yml
Outdated
debug: | ||
msg: "{{ bash_version_output.stdout }}" | ||
|
||
- name: Execute CVE-2014-7186 test case |
Please move the execution of the exploit to the "command" parameter of cvex.yml. Also, I'm not sure that the exploit is working properly:
2024-11-19 09:40:02,973 - INFO - [ubuntu] TASK [Execute CVE-2014-7186 test case] *****************************************
2024-11-19 09:40:04,012 - INFO - [ubuntu] changed: [ubuntu]
2024-11-19 09:40:04,012 - INFO - [ubuntu]
2024-11-19 09:40:04,012 - INFO - [ubuntu] TASK [Display exploit result] **************************************************
2024-11-19 09:40:04,108 - INFO - [ubuntu] ok: [ubuntu] => {
2024-11-19 09:40:04,109 - INFO - [ubuntu] "msg": ""
2024-11-19 09:40:04,109 - INFO - [ubuntu] }
I've updated it based on https://access.redhat.com/articles/1200223 & included the desired breaking output information as a comment in exploit.yml, hopefully this is more clear!
CVE-2014-7186/cvex.yml
Outdated
@@ -0,0 +1,4 @@ | |||
blueprint: ubuntu2204 | |||
ubuntu: | |||
trace: docker |
Why trace docker? It's not even installed.
This was left over from a previous iteration.
CVE-2014-7186/exploit.yml
Outdated
done | bash || echo "CVE-2014-7186 triggered" | ||
EOF | ||
chmod +x /tmp/cve-2014-7186-test.sh | ||
/tmp/cve-2014-7186-test.sh |
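Review bot: On the `done | bash || echo "CVE-2014-7186 triggered"` line, the `||` branch runs on any non-zero exit status from bash, so an ordinary syntax error in the generated input prints the same message as a crash. Capture the exit status and report the CVE as triggered only when it shows termination by a signal (a status above 128, for example 139 for SIGSEGV), and print the raw status otherwise so the result can be interpreted.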
Where is cve-2014-7186-test.sh?
I think that this creates cve-2014-7186-test.sh as the Ansible script executes. I've updated it to be separate now for readability.
CVE-2014-7186/exploit.yml
Outdated
dest: /tmp/x.sh | ||
mode: '0755' | ||
|
||
- name: Execute the script |
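Review bot: `dest: /tmp/x.sh` gives the copied script a name that says nothing about what it tests, and with `mode: '0755'` it lands as an executable at a fixed path in a world-writable directory. Use a descriptive name (the earlier revision used cve-2014-7186-test.sh) and state in the script's header what output is expected on a vulnerable and on a patched bash.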
Please move execution of the exploit to the "command" parameter of cvex.yml
CVE-2014-7186/exploit.yml
Outdated
executable: /bin/bash | ||
register: exploit_output | ||
|
||
- name: Display exploit result # if it worked, the time and date information will be output on the screen and a file called /tmp/echo will be created |
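Review bot: The pass condition for the `Display exploit result` task exists only as a trailing YAML comment, so the play reports `ok` whether or not the exploit worked. Since `register: exploit_output` captures just the command output, add a task that checks for `/tmp/echo` (for example `stat` followed by `assert`), and remove that file before the run so a stale copy cannot produce a false positive.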
It shows me this:
2024-11-20 13:46:58,503 - INFO - [ubuntu] TASK [Display exploit result] **************************************************
2024-11-20 13:46:58,581 - INFO - [ubuntu] ok: [ubuntu] => {
2024-11-20 13:46:58,582 - INFO - [ubuntu] "msg": "Wed Nov 20 12:46:58 UTC 2024"
2024-11-20 13:46:58,582 - INFO - [ubuntu] }
How exactly is this proof that the exploit is working? It'd be great if you put a comment in x.sh explaining it.
Doesn't work :(
I don't know why, but when I move the bash command into cvex.yml it always throws that error... I think it's because it executes with a slightly different configuration? I can't seem to fix it.
@olegbck can you please advise on this? Is it ok to just have it in the exploit.yaml instead?
Sorry I merged your PR by mistake. Could you please create another one? It seems that there is a bug in CVEX, working on it.
pull request for bash redir_stack issue exploit