Comments (5)
To avoid these kind of errors I've added bash version checking on script's startup. 4.0 is needed for associative arrays, =~
operator was added in 3.* so we should be good now.
from linux-exploit-suggester.
For what it's worth, CentOS 5.5 (2.6.18-194) and CentOS 5.4 (2.6.18-164) don't have this issue.
from linux-exploit-suggester.
I was able to reproduce this issue (and an additional error) on CentOS 5.0 (i686).
$ uname -a
Linux centos-live 2.6.18-8.1.1.tl5 #2 SMP Fri Apr 13 22:03:48 EDT 2007 i686 i686 i386 GNU/Linux
$ bash --version
GNU bash, version 3.1.17(1)-release (i686-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
$ bash ./linux-exploit-suggester.sh
Kernel version: 2.6.18
Architecture: i386
Distribution:
Package list:
Possible Exploits:
./linux-exploit-suggester.sh: line 1324: declare: -A: invalid option
declare: usage: declare [-afFirtx] [-p] [name[=value] ...]
./linux-exploit-suggester.sh: line 1379: syntax error in conditional expression: unexpected token `|'
./linux-exploit-suggester.sh: line 1379: syntax error near `|t'
./linux-exploit-suggester.sh: line 1379: ` elif [[ "$src_url" =~ ^.*tgz|tar.gz|zip$ && -n "$EXPLOIT_DB" ]]; then'
from linux-exploit-suggester.
Thanks guys.
Yeah, these are probably due to older Bash versions are lacking some particular feature (associative arrays, and probably =~ operator). Not sure how to handle it elegantly - I'm reluctant to support ancient bash versions.
In cases like this the simplest workaround would be to take uname -a
and rpm -qa
/dpkg -l
outputs from target machine and run linux-exploit-suggester.sh on other machine with newer bash:
$ ./linux-exploit-suggester.sh --uname "Linux centos-live 2.6.18-8.1.1.tl5 #2 SMP Fri Apr 13 22:03:48 EDT 2007 i686 i686 i386 GNU/Linux" --pkglist-file dpkgOutput.txt
from linux-exploit-suggester.
That's not a terrible workaround and is already reflective in the README.md. I agree you should not need to support ancient bash versions especially since you are likely running this script on an owned machine you have a shell on.
I'll go ahead and close this issue as I agree with your usage of uname -a
or rpm -qa|dpkg -l
Cheers
from linux-exploit-suggester.
Related Issues (20)
- My OS is up to date, why I still get the CVE exposure report? HOT 4
- Please update the script
- Broken URLs to exploitdb binsploits repo
- 在centos4.9上无法执行,显示Script needs Bash in version 4.0 or newer. Aborting
- [Suggestion] Alternative exploit for CVE-2017-1000112 HOT 1
- [Suggestion] Alternative exploit for CVE-2017-7308 HOT 1
- CONFIG_CC_STACKPROTECTOR deprecated in kernel 4.16 HOT 1
- Incorrect details for double-fdput (CVE-2016-4557) HOT 1
- Package version detection HOT 2
- bash compatibility HOT 2
- cannot create temp file for here-document: No such file or directory HOT 6
- Inventory notification HOT 1
- cat: write error: Broken pipe
- Aborts with `Both 'src-url' and 'exploit-db' entries are empty for '\e[1;32m[CVE-2019-15666]\e[0m XFRM_UAF' exploit - fix that. Aborting.` HOT 4
- Exploit Dirty cow 2 has been moved permanently. HOT 1
- Allow JSON output for automation integration
- Baron Samedit is displayed for invalid GLIBC versions HOT 2
- Typo: memodipper instead of mempodipper HOT 2
- Please Help Me HOT 3
- How To Add Exploit (CVE-2023-0386 OverlayFS) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from linux-exploit-suggester.