| 1 | + | #!/bin/posh |
| 2 | + | # shellcheck disable=1003,1091,2006,2016,2034,2039 |
| 3 | + | # vim: set ts=2 sw=2 sts=2 fdm=marker fmr=#(,#) et: |
| 4 | + | # |
| 5 | + | # doc: |
| 6 | + | # |
| 7 | + | # Copy this file to a new one with the same name of the cve to test, all in |
| 8 | + | # lowercase (i.e.: cve-2014–6271.sh). |
| 9 | + | # Then add the code for the functions shown here. **ALL** functions must appear |
| 10 | + | # in the new created file, however the ones marked as 'optional' can be left |
| 11 | + | # with the same code than in 'skel.sh'. Inside the function, declare all the |
| 12 | + | # variables as 'local' (i.e.: local vuln_version="1.2.3") |
| 13 | + | # |
| 14 | + | # NOTE: You can use here, functions and variables implemented in 'lse.sh': |
| 15 | + | # * lse_get_pkg_version: Get package version supplying package name |
| 16 | + | # * lse_is_version_bigger: Check if version in $1 is bigger than the $2 |
| 17 | + | # * $lse_arch: System architecture |
| 18 | + | # * $lse_distro_codename: The linux distribution code name (ubuntu, debian, |
| 19 | + | # opsuse, centos, redhat, fedora) |
| 20 | + | # * $lse_linux: Kernel version |
| 21 | + | # * Colors |
| 22 | + | # XXX: Check the definitions in 'lse.sh' to better understand what they do and |
| 23 | + | # how they work |
| 24 | + | # |
| 25 | + | ################################################################################ |
| 26 | + | ## RULES: |
| 27 | + | ## * Do NOT cause any harm with the tests |
| 28 | + | ## * Try to be as accurate as possible, trying to detect patched versions from |
| 29 | + | ## distro package versions. Try to minimize false positives. |
| 30 | + | ## * The script must be POSIX compliant. Test it with 'posh' shell. |
| 31 | + | ################################################################################ |
| 32 | + | |
| 33 | + | |
| 34 | + | # lse_cve_level: 0 if leads to a privilege escalation; 1 for other CVEs |
| 35 | + | lse_cve_level=0 |
| 36 | + | |
| 37 | + | # lse_cve_id: CVE id in lowercase (i.e.: cve-2014–6271) |
| 38 | + | lse_cve_id="cve-2021-3156" |
| 39 | + | |
| 40 | + | # lse_cve_description: Short. Not more than 52 characters long. |
| 41 | + | #__________________="vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv" |
| 42 | + | lse_cve_description="Sudo Baron Samedit vulnerability" |
| 43 | + | |
| 44 | + | # Code retrieved with 'declare -f' by the packaging bash script |
| 45 | + | lse_cve_test() { #( |
| 46 | + | local vulnerable=false |
| 47 | + | local sudo |
| 48 | + | local sudo_version |
| 49 | + | local v2 |
| 50 | + | sudo="$(command -v sudo)" |
| 51 | + | if [ -n "$sudo" ]; then |
| 52 | + | vulnerable=true |
| 53 | + | sudo_version="$(sudo --version | head -n1 | cut -d ' ' -f 3)" |
| 54 | + | v2="$(echo "$sudo_version" | cut -d. -f2)" |
| 55 | + | # only 1.8.2 to 1.8.31p2 is vulnerable |
| 56 | + | if lse_is_version_bigger 1.8.2 "$sudo_version"; then |
| 57 | + | exit 1 |
| 58 | + | fi |
| 59 | + | if [ "$v2" = 8 ] && lse_is_version_bigger "$sudo_version" 1.8.31p2; then |
| 60 | + | exit 1 |
| 61 | + | fi |
| 62 | + | # only 1.9.0 to 1.9.5p1 is vulnerable |
| 63 | + | if lse_is_version_bigger "$sudo_version" 1.9.5p1; then |
| 64 | + | exit 1 |
| 65 | + | fi |
| 66 | + | fi |
| 67 | + | $vulnerable && echo "Vulnerable! sudo version: $sudo_version" |
| 68 | + | } #) |
| 69 | + | |