Advertisement
Python253

cve_2014_7169_bash

Apr 9th, 2024
935
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.14 KB | None | 0 0
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3. # Filename: cve_2014_7169_bash.py
  4. # Version: 1.0.0
  5. # Author: Jeoi Reqi
  6. # Vulnerability Source: https://nvd.nist.gov/vuln/detail/CVE-2014-7169
  7.  
  8. """
  9. Description:
  10. This script checks for the presence of vulnerable software configurations on the user's machine
  11. in relation to the CVE-2014-7169 vulnerability. It compares the list of installed software on
  12. the system with a predefined list of vulnerable software configurations associated with the CVE.
  13. If any vulnerable software configurations are found, it displays a warning message to prompt
  14. the user to take immediate action to mitigate the vulnerability.
  15.  
  16. Requirements:
  17. - Python 3.x: The script is written in Python 3 and requires a Python interpreter of version 3 or higher to run.
  18. - WMI Module: The script uses the WMI module to interact with the Windows Management Instrumentation (WMI) API
  19.  to retrieve a list of installed software on a Windows system. Ensure that the WMI module is installed.
  20.  You can install it using pip: `pip install WMI`.
  21.  
  22. Usage:
  23. 1. Ensure Python 3.x is installed on your system.
  24. 2. Install the WMI module by running `pip install WMI`.
  25. 3. Run the script using the command `python cve_2014_7169_bash.py`.
  26. 4. The script will verify if any vulnerable software configurations are installed on your machine and
  27.   provide instructions for mitigation if necessary.
  28.  
  29. Functions:
  30. - get_installed_software(): Retrieves a list of installed software on the user's machine using the WMI module.
  31. - check_for_vulnerabilities(): Compares the list of installed software with a predefined list of vulnerable
  32.  software configurations and displays a warning message if any vulnerable software configurations are found.
  33.  
  34. Important Notes:
  35. - The predefined list of vulnerable software configurations in this script corresponds to the CVE-2014-7169 vulnerability.
  36. - The script only supports Windows systems due to its dependency on the WMI module for retrieving installed software information.
  37. """
  38.  
  39. import wmi
  40.  
  41. def get_installed_software():
  42.     """
  43.    Retrieves a list of installed software on the user's machine using the WMI module.
  44.    
  45.    Returns:
  46.        list: A list containing the names of installed software.
  47.    """
  48.     c = wmi.WMI()
  49.     installed_software = []
  50.     for item in c.Win32_Product():
  51.         installed_software.append(item.Caption)
  52.     return installed_software
  53.  
  54. def check_for_vulnerabilities():
  55.     """
  56.    Compares the list of installed software with a predefined list of vulnerable software configurations
  57.    and displays a warning message if any vulnerable software configurations are found.
  58.    """
  59.     installed_software = get_installed_software()
  60.     vulnerable_software = [
  61.         "GNU Bash 1.14.0",
  62.         "GNU Bash 1.14.1",
  63.         "GNU Bash 1.14.2",
  64.         "GNU Bash 1.14.3",
  65.         "GNU Bash 1.14.4",
  66.         "GNU Bash 1.14.5",
  67.         "GNU Bash 1.14.6",
  68.         "GNU Bash 1.14.7",
  69.         "GNU Bash 2.0",
  70.         "GNU Bash 2.01",
  71.         "GNU Bash 2.01.1",
  72.         "GNU Bash 2.02",
  73.         "GNU Bash 2.02.1",
  74.         "GNU Bash 2.03",
  75.         "GNU Bash 2.04",
  76.         "GNU Bash 2.05",
  77.         "GNU Bash 2.05:a",
  78.         "GNU Bash 2.05:b",
  79.         "GNU Bash 3.0",
  80.         "GNU Bash 3.0.16",
  81.         "GNU Bash 3.1",
  82.         "GNU Bash 3.2",
  83.         "GNU Bash 3.2.48",
  84.         "GNU Bash 4.0",
  85.         "GNU Bash 4.0:rc1",
  86.         "GNU Bash 4.1",
  87.         "GNU Bash 4.2",
  88.         "GNU Bash 4.3"
  89.     ]
  90.     vulnerable_installed = [software for software in installed_software if software in vulnerable_software]
  91.     if vulnerable_installed:
  92.         print("\nWarning:\nThe following vulnerable software configurations are installed on your machine:")
  93.         for software in vulnerable_installed:
  94.             print("- " + software)
  95.         print("\nPlease take immediate action to mitigate the vulnerability by applying updates per vendor instructions.\n")
  96.     else:
  97.         print("\nAll clear!\nNone of the vulnerable software configurations are installed on your machine.\n")
  98.  
  99. if __name__ == "__main__":
  100.     print("Verifying vulnerable software configurations...")
  101.     check_for_vulnerabilities()
  102.  
  103.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement