GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, Linux/Unix SSH Login, CVE-2014-7186) - Active Check
False positive at server with lack of space
OS: Ubuntu 20.04
Report
Summary
GNU Bash is prone to a remote command execution (RCE) vulnerability dubbed ‘Shellshock’.
Detection Result
Used command: /usr/bin/bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo 'CVE-2014-7186 vulnerable, redir_stack'
Result: /usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
/usr/bin/bash: cannot create temp file for here-document: No space left on device
CVE-2014-7186 vulnerable, redir_stack
Product Detection Result
Product | cpe:/a:gnu:bash:5.0.17 |
---|---|
Method | GNU Bash Detection (Linux/Unix SSH Login) (OID: 1.3.6.1.4.1.25623.1.0.108258) |
Insight
GNU bash contains a flaw that is triggered when evaluating untrusted input during stacked redirects handling.
Detection Method
Logs into the target machine via SSH, sends a crafted SSH command and checks the response.
Details: | GNU Bash Environment Variable Handling RCE Vulnerability (Shellshock, …OID: 1.3.6.1.4.1.25623.1.0.802083 |
---|---|
Version used: | 2021-12-10T16:29:22+03:00 |
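
The command in the report prints its "vulnerable" line on any non-zero exit status, so the "No space left on device" failure is indistinguishable from a crash. The shell functions below are an added example, not part of the original post or the scanner's own code; they assume a vulnerable bash is terminated by a signal (status above 128), and the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: separate "bash crashed" from "the check itself failed".
# Assumption: a vulnerable bash is killed by a signal, so the status is
# above 128 (for example 139 = 128 + SIGSEGV).

# classify_redir_check STATUS STDERR_TEXT -> prints a verdict
classify_redir_check() {
    status=$1
    errtext=$2
    if [ "$status" -eq 0 ]; then
        # All here-documents were set up and `true` ran.
        echo "not-vulnerable"
    elif [ "$status" -gt 128 ]; then
        # Terminated by a signal: the crash the check is looking for.
        echo "vulnerable"
    else
        # Ordinary failure: the redirections could not be set up.
        case $errtext in
            *"cannot create temp file for here-document"*)
                echo "inconclusive-no-temp-space" ;;
            *)
                echo "inconclusive" ;;
        esac
    fi
}

# run_redir_check [BASH_PATH] -> runs the command from the report and
# prints a verdict instead of relying on `|| echo`.
run_redir_check() {
    shell=${1:-/usr/bin/bash}
    status=0
    errtext=$("$shell" -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>&1 >/dev/null) || status=$?
    classify_redir_check "$status" "$errtext"
}

# Constructed input matching the report: exit status 1 plus the temp-file error.
classify_redir_check 1 "/usr/bin/bash: cannot create temp file for here-document: No space left on device"
```
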